Mobile communication device monitoring systems and methods

ABSTRACT

Systems and methods are directed to monitoring the communications to and from a mobile communication device in accordance with one or more embodiments. For example in accordance with an embodiment, data services a mobile communication device&#39;s applications may be monitored against smart contracts stored in a central data center repository and/or written to a blockchain. Other data services may include all forms of communications between the mobile communication device and a third party along with changes to application or data within the mobile communication device. Monitoring the mobile communication device may be done to determine compliance with the smart contracts and whether a penalty or reward on device usage should be applied.

CROSS-REFERENCE TO RELATED APPLICATIONS

This patent application is a Continuation patent application claimingpriority to and the benefit of U.S. patent application Ser. No.16/056,460 filed Aug. 6, 2018, which will issue as U.S. Pat. No.10,547,687, which is a Continuation-In-Part patent application claimingpriority to and the benefit of U.S. patent application Ser. No.15/138,174 filed Apr. 25, 2016, now U.S. Pat. No. 10,045,327 issued Aug.7, 2018, which is a Continuation-In-Part patent application claimingpriority to and the benefit of U.S. patent application Ser. No.14/228,040 filed Mar. 27, 2014, now U.S. Pat. No. 9,324,074 issued Apr.26, 2016, which is a Continuation-In-Part patent application claimingpriority to and the benefit of U.S. patent application Ser. No.13/405,907 filed Feb. 27, 2012, now U.S. Pat. No. 8,712,396 issued Apr.29, 2014, which is a Continuation-In-Part patent application claimingpriority to and the benefit of U.S. patent application Ser. No.12/014,494 filed Jan. 15, 2008, now U.S. Pat. No. 8,126,456 issued Feb.28, 2012, which is a Continuation-In-Part patent application claimingpriority to and the benefit of U.S. patent application Ser. No.11/695,500 filed Apr. 2, 2007, now U.S. Pat. No. 7,996,005 issued Aug.9, 2011, both of U.S. patent application Ser. No. 12/014,494 and U.S.patent application Ser. No. 11/695,500 claiming priority to and thebenefit of U.S. Provisional Patent Application No. 60/885,384 filed Jan.17, 2007, which are all incorporated herein by reference in theirentirety.

TECHNICAL FIELD

The present invention relates generally to communication systems and,more particularly, to mobile communication devices and systems andmethods for monitoring the communication devices.

BACKGROUND

Blockchains may be used to record data or records in a linked and securemanner. Blockchain records are secured through the use of a distributedcomputing system where each record is written to the blockchain and thenduplicated and distributed among many computers. The individualcomputers that make up the blockchain network each individually recordthe data and reconcile the data. Moreover, each record block may includedata for the previous block, thereby preventing manipulation ofindividual blocks without altering subsequent blocks. Thus, no singlerecord or database exists to be corrupted by a hacker or other maliciousparty. For example, a record that is altered on one computer would notcompare with other blockchain records and the retroactive altering of arecord would further alter all subsequent blocks within the blockchain.This creates a digital ledger of records, which may include transactionsor other data. Additionally, blockchain records allow individual usersto view verified blockchain records and enforce transactions written tothe record.

Currently, mobile communication devices allow a wide range of activitiesto be performed by users. This can range from activities used totransact business and/or access educational materials to more leisurelyactivities, such as social networking, messaging with friends or family,and/or gaming and other entertainment applications. Thus, in somesituations, these technologies may allow undesirable access to a device,people, and content or undesirable use of the device by a user such as achild. Conventional systems provide only limited control of these typesof undesirable activities and communication.

For example, conventional systems may be used to lock mobile deviceaccess to a certain type of use and/or application installation. Inanother example, some applications may control the content presented toan end user through the use of age classifications such as Teen, Mature,PG13, etc. However, this approach can be impractical for many reasons.For example, it is common for teens to state that they are older thanthey are to gain access to adult features on social networks and devicescan be passed down from parent to child. More generally, the age of theend user is personally identifiable protected information that isheavily regulated by most governments. Moreover, parents oradministrators of another device may wish to provide limited use tothese applications as a reward or benefit for completion of specificgoals, but may not want overuse. Thus, a blanket restriction on deviceusage may be impractical and unwanted.

Due to these limitations, the “agreements” between employer and employeeor parent and child are for the most part verbal. Even though digital orsmart contracts exist which can be recorded on a blockchain forautonomous execution of these agreements, there is currently nomonitoring technology that stores, executes, verifies execution and/orimposes restrictions in accordance with the terms of these agreementsassociated with the use of mobile device.

There is thus a need in the art for improved systems and methods formonitoring device communications, application use, functionality, andpresence in accordance with the terms of a smart contract.

SUMMARY

Systems, methods, and program products are disclosed, in accordance withone or more embodiments of the present invention, which are directed tomonitoring device usage and communications in order to enforce smartcontracts that are verified with a distributed computing architecturethrough a blockchain. The smart contracts may include permission ruleslinked together to form a permission scenario that provides particularactions or output based on whether device activity is allowed orrestricted by the permission scenario. This allows an administratordevice or remote server to monitor smart contract compliance (e.g.,fulfillment or violation of smart contract performance), as well as eachcomputing device within a network for the blockchain to similarly do so.The devices within the network may then append a smart contract based oncompliance, and issue an alert, reward, and/or penalty.

In some embodiments, an administrator may be provided with the abilityto monitor and restrict access to particular device usage byestablishing rules for data service uses on the device, which are basedon device activity. This may limit a user from specific activity on amobile phone. An administrator may be a parent, a work supervisor, asecurity service administrator, or a network administrator (asexamples).

In accordance with an embodiment, a parent or other administrator may beprovided with the ability to monitor mobile access and use of dataservice uses by the mobile communication device. The parent oradministrator may authorize or otherwise approve the use of particulardevice uses and, if desired, set rules as to which type of applicationsand data services may be accessed and used. The application and/or oneor more associated and/or unassociated calls, text messages or Internetaccesses can each be an IDENTITY that is being blocked, monitored oralerted by the system using rules to restrict access to content based ona classification.

In accordance with an embodiment, the administrator may establish smartcontracts for use of the mobile communication device by another user,which may include one or more permission rules and a processing action(e.g., an alert, a penalty imposed on application usage, and/or abenefit provided for application usage). The permissions rules definethe application usage metrics that are evaluated, and the permissionsmay be stored remotely or on a mobile device for monitoring. Thepermissions may make up one or more of the smart contracts storedlocally to the device as well as confirmed using a blockchain or otherproprietary contract verification process. A blockchain may confirm asmart contract by recording the smart contract to a record block anddistributing the blockchain publicly or privately. Once the smartcontract is generated, applications on the mobile communication devicemay be monitored to determine whether the data service uses and otherusage metrics of the applications comply or violate terms of the smartcontracts.

In this embodiment, the application being monitored and the online dataor remote device (e.g., a third party) is the IDENTITY whose access isbeing monitored by the system. Additional rules can be applied to alertand/or restrict or block access to the application based on ageographical location (sometimes referred to as a geo location or geostamp), a time of day, single application usage thresholds (e.g., timeor amount of application usage), weekly application usage thresholds,content based on classification, alerts generated when the applicationusage goes above or below a certain threshold, and/or other suitablerules for monitoring, blocking, or restricting content.

In this embodiment, the mobile communication device or a remote servermay utilize the blockchain verified smart contracts to determinecompliance with contract terms (e.g., the permission rules). If themobile communication device has been used to fulfill the contract terms(e.g., if the data service uses and/or application usage metrics arewithin acceptable thresholds under the permission rules), acorresponding alert and/or reward may be provided. If the mobilecommunication device's usage has failed to comply with and/or isrestricted based on the smart contracts, another alert may be sent and apenalty on device usage may be applied. The monitored application usagemay be time period or interval based to determine compliance with asmart contract. For example, a time on application usage may beimplemented daily, weekly, or for a period of employment or device useby another. Thus, the smart contract may be repeating and not resolvedbased on data service use monitoring for a single period of time.Rewards, penalties, and other processing actions taken based on a smartcontract may limit application access, application usage, data transferbandwidth or allowance, communications with other devices, or othereffects on use of the mobile communication device.

In accordance with another embodiment, security protocols may beprovided to the end user in the event of a lost or stolen phoneincluding the ability for the user or an administrator to remotely wipethe device, log and alert the geo location whenever the application isused, or obtain any combination of services and events (e.g., time,threshold, communication, etc.) being monitored by the system. This typeof real-time monitoring of a user's (e.g., a child's or an employee's)application usage may provide real-time monitoring and security toparents and administrators without requiring broad based, simultaneousaccess to inaccessible banking, credit card, and carrier location basedsystems (LBS).

Data services may include all forms of communications between the deviceand a third party including, for example, cellular voice calls, shortmessage service (SMS) text messages, email, instant messaging sessions,and/or the applications used by the data services including, forexample, an application, a digital wallet, address book, calendar,and/or tasks maintained on the wireless device. In accordance with someembodiments, monitoring may be performed for a multitude ofcommunication protocols for sending or receiving data including, forexample, protocols associated with cellular networks, specificapplication communication protocols, Wi-Fi standards, Bluetoothstandards, Personal Area Networks, Near Field Communication, Local AreaNetworks, and/or Public Networks.

According to some embodiments of the present invention, a user mayspecify the permissions for each data service associated with a wirelessdevice. The user may specify whether use of the service is allowed ordenied for any identity that is not currently in the permissions addressbook for the device. In addition to the forensic information collectedand stored regarding the communication transaction, an embodiment of thepresent invention collects, stores, and analyzes the contextualinformation contained within the data including financial transactions,text, files, pictures, audio, and/or all other manner of digital andanalog content transmitted between a mobile communications device and athird party.

In accordance with some embodiments of the present invention, systems,methods, and program products are disclosed that alerts the userwhenever an unauthorized activity is detected. For example, the user mayspecify one or more methods of notification including email, SMS textmessage, voice call, and/or any other publicly acceptedmachine-to-machine communications protocol to alert the user whenever anunauthorized activity is detected. In general in accordance with someembodiments, the type of unauthorized activity being monitored mayinclude any form of information transmission and/or reception (e.g., ofaudio, photo, video, textual data, or multimedia information), any typeof change to the wireless data device, and/or any form of applicationdata usage, transmission, and/or reception (e.g., with a recipient, atime of day, a geo location, an amount or type of data use, a length ofapplication use, or other aspect of an application usage). Similarly inaccordance with some embodiments, the user notification of unauthorizedactivity may be provided in any form of communication, including forexample audio, photo, video, textual data, and/or multimediainformation.

More specifically in accordance with one or more embodiments of thepresent invention, a client application installed on a mobilecommunications device, such as for example a cell phone, PDA, or tablettransmits detailed device usage information using a wireless dataconnection from the device to a central repository accessible from anetwork (e.g., the Internet). For example, monitoring of device usagemay include such things as inbound or outbound phone calls, inbound oroutbound SMS Text Messages, inbound or outbound Instant Messages,application usage and changes, Web Browser Access, Address Book changes(e.g., Adds, Modifications, and/or Deletions), Calendar Appointmentchanges (e.g., Adds, Modifications, and/or Deletions), Tasks changes(e.g., Adds, Modifications, and/or Deletions), changes to the installedapplications on the device (e.g., Adds, Modifications, and/orDeletions), and/or inbound or outbound multimedia files.

In addition to the client application in accordance with one or moreembodiments of the present invention, a web-based monitoringapplication, which is controlled by an administrative user such as forexample a parent or manager, monitors the contents of the centralrepository. For example, based on rules selected by the administrativeuser, the device usage is allowed, denied, and/or an alert is sent tothe administrative user notifying them of an unauthorized event. Inaccordance with some embodiments of the present invention, existinglocation services (e.g., GPS, cell-based location applications, ornetwork-based location applications) may be employed to include themonitoring and alerting of the physical location of the device.Furthermore in accordance with some embodiments, the information storedin the central repository may be signed and/or encrypted to providesecure storage and authentication, such as for chain of custody or otherevidentiary reasons.

In accordance with one embodiment of the present invention, anadministrator device comprises a memory configured to storeapplications, permission rules, and smart contracts associated with thepermission rules, wherein the permission rules comprise data serviceuses allowed using a mobile communication device based on activities ofthe mobile communication device, wherein each of the smart contractscomprise at least one of the permission rules and a processing actionperformed based on whether the data service uses violate the at leastone of the permission rules, and wherein the permission rules are set byan administrator of the mobile communication device, a processor,coupled to the memory and configured to execute the applications storedin the memory, and a network communication component configured tocommunicate with the mobile communication device. The applicationscomprise a device data monitor program configured to receive deviceactivity by the mobile communication device, wherein the device activitycomprises at least one data service use for the mobile communicationdevice based on at least one activity performed by the mobilecommunication device, and wherein the at least one activity comprisesidentification of the at least one data service use, access the smartcontracts for the mobile communication device, determine whether the atleast one data service use violates one or more of the smart contractsbased at least in part on whether the identification of the at least onedata service use is found in the permission rules for the one or moresmart contracts, and execute the processing action based on whether theat least one data service use meets, exceeds, or fails to meet the rulesassociated with the one or more of the smart contracts.

In accordance with another embodiment of the present invention, a methodcomprises receiving smart contracts for a mobile communication devicefrom an administrator associated with the mobile communication device,wherein the smart contracts are associated with permission rules fordata service uses allowed using the mobile communication device based onactivities of the mobile communication device, wherein each of the smartcontracts comprise at least one of the permission rules and an alerttransmitted based on whether the data service uses meet, exceed, or failto meet the at least one of the permission rules, and wherein thepermission rules are set by an administrator of the mobile communicationdevice, receiving device activity by the mobile communication device,wherein the device activity comprises at least one data service use forthe mobile communication device based on at least one activity performedby the mobile communication device, and wherein the at least oneactivity comprises identification of the at least one data service use,and determining whether the at least one data service use is allowedfrom the smart contracts based at least in part on whether theidentification of the at least one data service use is found in thepermission rules for the smart contracts.

In accordance with another embodiment of the present invention, anothermethod comprises receiving input from an administrator for a mobilecommunication device, wherein the input comprises rules data for use ofa mobile communication device and a permission settings for the use ofthe mobile communication device based on the rules data, and wherein theinput is received from the administrator of the mobile communicationdevice prior to the use of the mobile communication device, establishingsmart contracts for the mobile communication device based on the input,wherein the smart digital contract comprise permission rules for dataservice uses allowed using the mobile communication device based onactivities of the mobile communication device, and wherein the smartcontracts further comprise the permission settings processed with themobile communication device based on whether activities of the mobilecommunication device meets, exceeds, or fails to meet the permissionrules, connecting to the mobile communication device, and configuringthe mobile communication device with the smart contracts, wherein themobile communication device allows or restricts at least one dataservice use of the mobile communication device or executes a monetarytransaction based at least in part on whether an identification of theat least one data service use from at least one activity performed bythe mobile communication device is allowed in the smart contracts basedon the activities of the mobile communication device.

In accordance with another embodiment of the present invention, a mobilecommunication device comprises a memory configured to store mobileprograms, program data associated with the mobile programs, and smartcontracts associated with permission rules for the mobile communicationdevice, wherein the permission rules comprise data service uses allowedfor the mobile communication device based on activities of the mobilecommunication device, wherein each of the smart contracts comprise atleast one of the permission rules and a processing action performedbased on whether the data service uses meets, exceeds, or fails to meetthe at least one of the permission rules, and wherein the permissionrules are set by an administrator of the mobile communication device, aprocessor, coupled to the memory and configured to execute the mobileprograms stored in the memory, and a communications port configured tocommunicate with a device administration server. The mobile programscomprise a monitoring program configured to receive the smart contractsfrom the device administration server, configure the mobilecommunication device using the smart contracts, monitor device activityof the mobile communication device, wherein the device activitycomprises at least one data service use for the mobile communicationdevice based on at least one activity performed by the mobilecommunication device, and wherein the at least one activity comprisesidentification of the at least one data service use, and determinewhether the at least one data service use meets, exceeds, or fails tomeet one or more of the smart contracts based at least in part onwhether the identification.

In accordance with another embodiment of the present invention, anothermethod comprises storing smart contracts associated with permissionrules for a mobile communication device, wherein the permission rulescomprise data service uses allowed for the mobile communication devicebased on activities of the mobile communication device, wherein each ofthe smart contracts comprise at least one of the permission rules and aprocessing action performed based on whether the data service usesmeets, exceeds, or fails to meet the at least one of the permissionrules, and wherein the permission rules are set by an administrator ofthe mobile communication device, monitoring device activity of themobile communication device, wherein the device activity comprises atleast one data service use for the mobile communication device based onat least one activity performed by the mobile communication device, andwherein the at least one activity comprises identification of the atleast one data service use, and determining whether the at least onedata service use violates one or more of the smart contracts based atleast in part on whether the identification of the at least one dataservice use is found in the permission rules for the one or more of thesmart contracts.

The scope of the invention is defined by the claims, which areincorporated into this section by reference. A more completeunderstanding of embodiments of the present invention will be affordedto those skilled in the art, as well as a realization of additionaladvantages thereof, by a consideration of the following detaileddescription of one or more embodiments. Reference will be made to theappended sheets of drawings that will first be described briefly.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a system including a Data Monitor tool tomonitor the activities on a wireless device via the device or from thecarrier network, a Data Gateway for collecting the activity on awireless device, and an Alert Monitor in accordance with an embodimentof the present invention.

FIG. 2 is a block diagram of a system including a monitoring toolassociated with a mobile communications device in accordance with anembodiment of the present invention.

FIGS. 3A-3Q illustrate exemplary flowcharts of the monitoring andcollecting (logging) of event activity in FIG. 1 for each of the dataservices of FIG. 2 in accordance with one or more embodiments of thepresent invention.

FIGS. 4A-4B illustrate exemplary table representations of the ActivityLog database of FIG. 1 in accordance with an embodiment of the presentinvention.

FIGS. 5A-D illustrate exemplary table representations of the Permissionsdatabase of FIG. 1 in accordance with an embodiment of the presentinvention.

FIGS. 5E-F illustrate exemplary flowcharts of the establishment ofpermission scenarios for smart contracts and the definition of smartcontract penalties and rewards based on mobile communication devicemonitoring in accordance with one or more embodiments of the presentinvention.

FIGS. 6A-6C illustrate exemplary flowcharts where the data service on awireless device is processed or blocked based on the contextualinformation being passed through the data service in accordance with anembodiment of the present invention.

FIGS. 7A-7B illustrate exemplary flowcharts of the Alert Monitor tool ofFIG. 1 in accordance with an embodiment of the present invention.

FIG. 8 illustrates an exemplary flowchart of a reporting process such asthe Reporting tool in accordance with an embodiment of the presentinvention.

FIG. 9 is a block diagram of a system illustrating techniques to monitorthe activities on a wireless device via data monitoring on the wirelessdevice and/or on a carrier network in accordance with an embodiment ofthe present invention.

FIG. 10 is a block diagram as an example of a specific systemillustrating a monitoring tool associated with a mobile communicationsdevice and/or the carrier network in accordance with an embodiment ofthe present invention.

FIGS. 11 and 12 are block diagrams as examples of specific systemsillustrating a monitoring tool associated with a mobile communicationsdevice and/or the carrier network in accordance with one or moreembodiments of the present invention.

FIGS. 13A-B illustrates an exemplary flowchart for execution of a smartcontract based on mobile communication device usage in accordance withone or more embodiments of the present invention.

Embodiments of the present invention and their advantages are bestunderstood by referring to the detailed description that follows. Itshould be appreciated that like reference numerals are used to identifylike elements illustrated in one or more of the figures.

DETAILED DESCRIPTION

FIG. 1 illustrates a Data Gateway program tool 30 and wireless devices10, 12, and 14 represent users whose activities are monitored accordingto an embodiment of the present invention. Each of the devices 10, 12,and 14 may include a respective Device Data Monitoring program tool 11,13, and 15 which communicates with the Data Gateway 30. For example,wireless devices 10, 12, and 14 include memory and a processorconfigured to run various programs (e.g., software applications) storedin the memory, including respective Data Monitoring program tools 11,13, and 15.

Data services such as application usage and data service uses by thewireless devices 10, 12, and 14 are monitored for activity by theirrespective Data Monitoring program tool 11, 13, and 15 or the CellularNetwork Data Monitor located within the Cellular Service ProviderNetwork 16 which communicates (e.g., via a communication port such asthrough a wireless communication gateway having an antenna) to the DataGateway 30 via a wireless data connection such as provided by a cellularservice provider 16. Alternatively, the devices 10, 12, and 14 may sendtheir activity information through any available communications network(e.g., any standards or protocols) including for example PIN-to-PIN,Wi-Fi, Bluetooth, Personal Area Networks, Near Field Communication,Local Area Networks, and/or Public Networks (e.g., cellular networks,satellite networks, and/or the Internet).

As described in more detail below, the Data Gateway 30 maintains anActivity Log 40 database in a Data Center 17. Activity Log 40 containsan entry for each use of a data service on wireless devices 10, 12, and14. As described in more detail below, Data Center 17 also contains aPermissions 50 database that lists the wireless devices to be monitored(e.g., wireless devices 10, 12, and 14) and the rules to apply to allow,deny, and/or alert of data service activity occurring on the wirelessdevices being monitored. All or a specific portion of Permissions 50database may also be pushed to wireless devices 10, 12, and 14, whichmay include the specific permissions for wireless devices 10, 12, and14, or a copy of permissions, smart contracts, and/or blockchain recordsfor the smart contracts for all of wireless devices 10, 12, and 14.Thus, a Permissions 51 database, a Permissions 52 database, and aPermissions 53 database may reside on each of wireless devices 10, 12,and 14, respectively. Permissions 51, 52, and 53 databases may includethe same or similar information to Permissions 50 database.

An Alert Monitor 70 program waits for new entries to be made intoActivity Log 40. Each new entry is checked against the Permissions 50database. Whenever unauthorized activity is detected, Alert Monitor 70sends an alert to one or more users via Data Gateway 30, such as forexample to a cell phone 18 using SMS Text Messaging or an Email 19account. The preferred method of notification may be maintained in thePermissions 50 database which can support many forms of datacommunications including voice messages, SMS Text Messages, email,and/or any other publicly accepted machine-to-machine communicationsprotocol.

Data Gateway 30 and Alert Monitor 70, in accordance with one or moreembodiments of the present invention, may represent one or morecomputers (e.g., servers or other processor-based systems) forperforming the operations described herein (e.g., by executing softwareand communicating through a gateway or other communication interface),including communicating with Activity Log 40 and Permissions 50databases (e.g., memory such as server-based storage). Data Monitoringprogram tools 11, 13, and 15 may represent, for example, software run bycorresponding processors of wireless devices 10, 12, and 14 or mayrepresent hardware-based systems (e.g., separate processors) forperforming the desired operations described herein.

Furthermore, the various programs or system elements may be combined orbe discreet, as desired for the specific application. For example, DataGateway 30 and Alert Monitor 70 may represent one computer or softwareprogram or separate computers and software programs for performing thevarious functions disclosed herein. Similarly for example, Activity Log40 and Permissions 50 databases may represent one memory or discretememory for storing the information disclosed herein. Additionally, thevarious programs may be stored on a computer-readable medium that may beprogrammed or loaded into a particular device. For example, data monitor11 may be a software program stored on a computer-readable medium orotherwise provided to and programmed into wireless device 10 to performthe desired functions as described herein.

FIG. 2 illustrates in more detail a Device Data Monitor 21 program toolwhich captures the data service activity on a Mobile CommunicationsDevice 20 in accordance with an embodiment of the present invention. Forexample, device data monitor 21 program tool may be an exemplaryrepresentation of data monitor 11, 13, or 15 and similarly mobilecommunications device 20 may be an exemplary representation of device10, 12, or 14. Each Mobile Communications Device 20 contains one or moreapplications that may use a communication protocol (e.g., a conventionalcommunication protocol) to send or receive information (e.g., digitaldata packets or other forms of communications) or provide supportingapplications to facilitate the communications process (e.g., an AddressBook which contains an email address used to send an email communicationand/or a generic device application that may be utilized to perform dataprocessing, transfer, and/or other application and data service uses).

In accordance with an embodiment of the present invention, thesecommunication applications and their supporting applications may bereferred to as a data service. These data services may include one ormore of a Phone Application 22 for sending or receiving voicecommunications, an Email Application 23 for sending or receiving emailcommunications, a SMS Text Application 24 for sending or receiving SMStext messages, an Instant Messaging Application 25 for sending orreceiving instant messages, a Web Browser Application 26 for sending orreceiving HTTP requests and responses, an Address Book Application 27for storing contact information, a Calendar/Task Application 28 forstoring appointment information, an Installation Application (sometimesreferred to herein as an App) 29 for storing information regarding theinstalled applications on the device, a Photo/Video/MultimediaApplication 31 for sending or receiving multimedia files and/or aGeneric Application 33 for executing one or more processes on MobileCommunication Device 20 (e.g., a utility, game, or service applicationincluding a word processing, video game, social networking, financialtransaction processing, shopping, or other type of generic applicationthat includes application usage metrics, such as time, length, type, orother use measurement).

As described in more detail below, Device Data Monitor 21 program toolmonitors the inbound and outbound activity for each of these dataservices and sends a detailed log of these activities to a centralrepository using Cellular Service Provider 16. Alternatively, DataMonitor 21 program tool may send the activity information through anyavailable communications network, such as for example the Internet, acompany network, and/or a public cellular network.

As would be understood by one skilled in the art, embodiments of thepresent invention provide certain advantages over conventionalapproaches. For example, a conventional approach may simply provideparental controls which monitor and block Internet and email access froma desktop and which primarily prevent access to unwanted content orblock the transmission of personally identifiable information or monitorand block the display of inappropriate application store content basedupon the end user's age. Blocking usually results in the child findingan unmonitored computer or changing the age associated with theaccount's profile to access the blocked content. For example, mostgaming consoles today are enabled with Internet access and do notinherently include parental controls and most social networks limitaccess to the profiles of younger account holders but have no way ofverifying the child's age once the date of birth has been updated in theuser's profile. Parental control applications generally do not log theblocked content or monitor application usage initiated from a mobiledevice and none pro-actively notify the parent or administrative user ofthe event. Additionally, none are capable of monitoring a cell phone orother mobile communications device which today have comparablecommunication capabilities as a desktop computer.

As another example of a conventional approach, child and employeemonitoring of application usage and geographic location may be providedfrom a cell phone, but this approach typically requires an active searchby the parent or manager to locate the device or reviewing device datausage and processing days or weeks after completion. Perimeterboundaries or virtual fencing could be deployed using existing locationtechnology, but again all of these location approaches areafter-the-fact of direct contact with a predator or after a potentiallylife threatening event is in progress.

In contrast in accordance with one or more embodiments of the presentinvention, systems and methods are disclosed for example to detect thepotentially life threatening event before physical contact is made withthe user of a monitored wireless device, and/or to use perimeterboundaries (virtual fencing) along with time of day restrictions todetect and/or block unauthorized use of the child's digital wallet. Asan example, Mobile Communications Device 20 may include a GPS-based orother type of location-determination application (e.g., as part of phoneapplication 22 or Device Data Monitor 21) that periodically orcontinuously determines the location of Mobile Communications Device 20,with this location information provided to Data Center 17 (e.g., storedin Activity Log 40) via Data Monitor 21 with an optional alert providedto an administrator (e.g., parent) based on location parameter settings(e.g., virtual fence). For example, the GPS information may be providedby Device Data Monitor 21 to Data Center 17, where it is stored inactivity log 40, and an alert provided to the administrator if theMobile Communications Device 20 enters a restricted area or proceedsoutside of a defined geographic region or utilize an application in arestricted area or within a time of day restriction. In general, DataMonitor 21 provides various information to Data Center 17 to permit anadministrator (e.g., parent or manager) to monitor the activities (e.g.,location, communications with a third party, and/or changes toapplications or other data within Mobile Communications Device 20) of auser of Mobile Communications Device 20, with an optional alert providedto the administrator if an unauthorized activity occurs.

For example, FIG. 3A illustrates a data flowchart for the capturing ofan inbound voice call using Phone Application 22 on MobileCommunications Device 20 in accordance with an embodiment of the presentinvention. Initially, in step 110, a phone call is received on MobileCommunications Device 20. In step 120, Data Monitor 21 located on theMobile Communications Device 20 or within the Cellular Service ProviderNetwork 16 (as examples) recognizes that Phone Application 22 dataservice has been initiated and begins to capture information regardingthe use of the data service including, for example, the unique Device IDof the Mobile Communications Device 20, the start and end date/timestamp of the call, the originating phone number, and/or any contextualdata. Once the call has been terminated (step 130), Data Monitor 21formats a data packet which includes the collected information (ActivityRecord) and sends one or more data packets to the central repositorylocated in Data Center 17. In step 140, Data Gateway 30 located in DataCenter 17 receives the data packet(s) and then writes the data packet(s)in step 150 to Activity Log 40, a central repository for all datacollected from Mobile Communications Device 20.

Data gateway 30 may optionally write the data packet (s) in step 150 ina signed (e.g., digitally signed) fashion to activity log 40, inaccordance with an embodiment of the present invention. For example, theactivity record may be signed to identify (e.g., authenticate) theinformation and provide a chain of custody and authenticity for thestored information (e.g., for custody of evidence or other documentationrequirements), as would be understood by one skilled in the art.Furthermore as a specific example, Data Gateway 30 may optionallyprovide encryption and decryption processing for information related tothe activity record and/or additional information, such as through theuse of any one of several private or public key encryption or signaturealgorithms including the RSA algorithm (by RSA Security of Bedford,Mass.), the Digital Encryption Standard (DES), the Advanced EncryptionStandard (AES), and broad families of signature or hash algorithms suchas the Secure Hash Algorithm (SHA) and the Message Digest (MD)algorithm.

In general depending upon the level of security desired and the specificrequirements or applications, the activity record may not have to beencrypted. For example, by not encrypting the activity record,considerable savings may be achieved in terms of processing, powersavings, time, and/or memory. Thus, the activity record may be securelyrecorded and validated by generating an associated signature that can beverified. Consequently, the activity record is viewable and useable in aconventional fashion, but is also verifiable through the signature(e.g., for chain of custody or other evidentiary purposes), as would beunderstood by one skilled in the art.

FIG. 3B illustrates a data flowchart for the capturing of an outboundvoice call using Phone Application 22 on Mobile Communications Device 20in accordance with an embodiment of the present invention. Initially, instep 111, a phone call is placed from Mobile Communications Device 20.In step 121, Data Monitor 21 located on the Mobile Communications Device20 or within the Cellular Service Provider Network 16 (as examples)recognizes that Phone Application 22 data service has been initiated andbegins to capture information regarding the use of the data serviceincluding, for example, the unique Device ID of Mobile CommunicationsDevice 20, the start and end date/time stamp of the call, thedestination phone number, and/or any contextual data. Once the call hasbeen terminated (Step 130), Data Monitor 21 formats a data packet whichincludes the collected information (Activity Record) and sends one ormore data packets to the central repository located in Data Center 17.In step 140, Data Gateway 30 located in Data Center 17 receives the datapacket(s) and then writes the data packet(s) in step 150 (e.g.,optionally in a signed and/or encrypted fashion as discussed inreference to FIG. 3A) to Activity Log 40, a central repository for alldata collected from Mobile Communications Device 20.

FIG. 3C illustrates a data flowchart for the capturing of an inboundemail message using Email Application 23 on Mobile Communications Device20 in accordance with an embodiment of the present invention. Initially,in step 112, an email message is received on Mobile CommunicationsDevice 20. In step 122, Data Monitor 21 located on the MobileCommunications Device 20 or within the Cellular Service Provider Network16 (as examples) recognizes that Email Application 23 data service hasbeen initiated and begins to capture information regarding the use ofthe data service including, for example, the unique Device ID of MobileCommunications Device 20, the date/time stamp of the message, theoriginating email address, and/or any contextual data. Once the messagehas been received (Step 130), Data Monitor 21 formats a data packetwhich includes the collected information (Activity Record) and sends oneor more data packets to the central repository located in Data Center17. In step 140, Data Gateway 30 located in the Data Center 17 receivesthe data packet(s) and then writes the data packet(s) in step 150 (e.g.,optionally in a signed and/or encrypted fashion as discussed inreference to FIG. 3A) to Activity Log 40, a central repository for alldata collected from Mobile Communications Device 20.

FIG. 3D illustrates a data flowchart for the capturing of an outboundemail message using Email Application 23 on Mobile Communications Device20 in accordance with an embodiment of the present invention. Initially,in step 113, an email message is sent from Mobile Communications Device20. In step 123, Data Monitor 21 located on the Mobile CommunicationsDevice 20 or within the Cellular Service Provider Network 16 (asexamples) recognizes that Email Application 23 data service has beeninitiated and begins to capture information regarding the use of thedata service including, for example, the unique Device ID of MobileCommunications Device 20, the date/time stamp of the message, thedestination email address, and/or any contextual data. Once the messagehas been sent (Step 130), Data Monitor 21 formats a data packet whichincludes the collected information (Activity Record) and sends one ormore data packets to the central repository located in Data Center 17.In step 140, Data Gateway 30 located in Data Center 17 receives the datapacket(s) and then writes the data packet(s) in step 150 (e.g.,optionally in a signed and/or encrypted fashion as discussed inreference to FIG. 3A) to Activity Log 40, a central repository for alldata collected from Mobile Communications Device 20.

FIG. 3E illustrates a data flowchart for the capturing of an inboundtext message using SMS Text Application 24 on Mobile CommunicationsDevice 20 in accordance with an embodiment of the present invention.Initially, in step 114, a text message is received on MobileCommunications Device 20. In step 124, Data Monitor 21 located on theMobile Communications Device 20 or within the Cellular Service ProviderNetwork 16 (as examples) recognizes that SMS Text Application 24 dataservice has been initiated and begins to capture information regardingthe use of the data service including, for example, the unique Device IDof Mobile Communications Device 20, the date/time stamp of the message,the originating phone number, and/or any contextual data. Once themessage has been received (Step 130), Data Monitor 21 formats a datapacket which includes the collected information (Activity Record) andsends one or more data packets to the central repository located in DataCenter 17. In step 140, Data Gateway 30 located in Data Center 17receives the data packet(s) and then writes the data packet(s) in step150 (e.g., optionally in a signed and/or encrypted fashion as discussedin reference to FIG. 3A) to Activity Log 40, a central repository forall data collected from Mobile Communications Device 20.

FIG. 3F illustrates a data flowchart for the capturing of an outboundtext message using SMS Text Application 24 on Mobile CommunicationsDevice 20 in accordance with an embodiment of the present invention.Initially, in step 115, a text message is sent from MobileCommunications Device 20. In step 125, Data Monitor 21 located on theMobile Communications Device 20 or within the Cellular Service ProviderNetwork 16 (as examples) recognizes that SMS Text Application 24 dataservice has been initiated and begins to capture information regardingthe use of the data service including, for example, the unique Device IDof Mobile Communications Device 20, the date/time stamp of the message,the destination phone number, and/or any contextual data. Once themessage has been sent (Step 130), Data Monitor 21 formats a data packetwhich includes the collected information (Activity Record) and sends oneor more data packets to the central repository located in Data Center17. In step 140, Data Gateway 30 located in Data Center 17 receives thedata packet(s) and then writes the data packet(s) in step 150 (e.g.,optionally in a signed and/or encrypted fashion as discussed inreference to FIG. 3A) to Activity Log 40, a central repository for alldata collected from Mobile Communications Device 20.

FIG. 3G illustrates a data flowchart for the capturing of an inboundinstant message using Instant Messaging Application 25 on MobileCommunications Device 20 in accordance with an embodiment of the presentinvention. Initially, in step 116, an instant message is received onMobile Communications Device 20. In step 126, Data Monitor 21 located onthe Mobile Communications Device 20 or within the Cellular ServiceProvider Network 16 (as examples) recognizes that Instant MessagingApplication 25 data service has been initiated and begins to captureinformation regarding the use of the data service including, forexample, the unique Device ID of Mobile Communications Device 20, thedate/time stamp of the message, the originating username, and/or anycontextual data. Once the message has been received (Step 130), DataMonitor 21 formats a data packet which includes the collectedinformation (Activity Record) and sends one or more data packets to thecentral repository located in Data Center 17. In step 140, Data Gateway30 located in Data Center 17 receives the data packet(s) and then writesthe data packet(s) in step 150 (e.g., optionally in a signed and/orencrypted fashion as discussed in reference to FIG. 3A) to Activity Log40, a central repository for all data collected from MobileCommunications Device 20.

FIG. 3H illustrates a data flowchart for the capturing of an outboundinstant message using Instant Messaging Application 25 on MobileCommunications Device 20 in accordance with an embodiment of the presentinvention. Initially, in step 117, an instant message is sent fromMobile Communications Device 20. In step 127, Data Monitor 21 located onthe Mobile Communications Device 20 or within the Cellular ServiceProvider Network 16 (as examples) recognizes that Instant MessagingApplication 25 data service has been initiated and begins to captureinformation regarding the use of the data service including, forexample, the unique Device ID of Mobile Communications Device 20, thedate/time stamp of the message, the destination username, and/or anycontextual data. Once the message has been sent (Step 130), Data Monitor21 formats a data packet which includes the collected information(Activity Record) and sends one or more data packets to the centralrepository located in Data Center 17. In step 140, Data Gateway 30located in Data Center 17 receives the data packet(s) and then writesthe data packet(s) in step 150 (e.g., optionally in a signed and/orencrypted fashion as discussed in reference to FIG. 3A) to Activity Log40, a central repository for all data collected from MobileCommunications Device 20.

FIG. 3I illustrates a data flowchart for the capturing of an HTTP(Internet) request using Web Browser Application 26 on MobileCommunications Device 20 in accordance with an embodiment of the presentinvention. Initially, in step 118, an HTTP request is sent from MobileCommunications Device 20. In step 128, Data Monitor 21 located on theMobile Communications Device 20 or within the Cellular Service ProviderNetwork 16 (as examples) recognizes that Web Browser Application 26 dataservice has been initiated and begins to capture information regardingthe use of the data service including, for example, the unique Device IDof Mobile Communications Device 20, the date/time stamp of the request,the destination URL, and/or any contextual data. Once the request hasbeen completed (Step 130), Data Monitor 21 formats a data packet whichincludes the collected information (Activity Record) and sends one ormore data packets to the central repository located in Data Center 17.In step 140, Data Gateway 30 located in Data Center 17 receives the datapacket(s) and then writes the data packet(s) in step 150 (e.g.,optionally in a signed and/or encrypted fashion as discussed inreference to FIG. 3A) to Activity Log 40, a central repository for alldata collected from Mobile Communications Device 20.

FIG. 3J illustrates a data flowchart for the capturing of a change tothe address book using Address Book Application 27 on MobileCommunications Device 20 in accordance with an embodiment of the presentinvention. Initially, in step 119, an add, modify, or delete addressbook transaction is initiated on Mobile Communications Device 20. Instep 129, Data Monitor 21 recognizes that Address Book Application 27data service has been initiated and begins to capture informationregarding the use of the data service including, for example, the uniqueDevice ID of Mobile Communications Device 20, the date/time stamp of thechange, and/or any contextual information such as the phone number orname that was changed. Once the transaction has been completed (Step130), Data Monitor 21 formats a data packet which includes the collectedinformation (Activity Record) and sends one or more data packets to thecentral repository located in Data Center 17. In step 140, Data Gateway30 located in Data Center 17 receives the data packet(s) and then writesthe data packet(s) in step 150 (e.g., optionally in a signed and/orencrypted fashion as discussed in reference to FIG. 3a ) to Activity Log40, a central repository for all data collected from MobileCommunications Device 20, and to Address Book 60, a central repositorybackup for all address book records residing on Mobile CommunicationsDevice 20.

FIG. 3K illustrates a data flowchart for the capturing of a change tothe calendar using Calendar/Task Application 28 on Mobile CommunicationsDevice 20 in accordance with an embodiment of the present invention.Initially, in step 131, an add, modify, or delete calendar transactionis initiated on Mobile Communications Device 20. In step 132, DataMonitor 21 recognizes that Calendar/Task Application 28 data service hasbeen initiated and begins to capture information regarding the use ofthe data service including, for example, the unique Device ID of MobileCommunications Device 20, the date/time stamp of the change, and/or anycontextual information such as the date or meeting location that waschanged. Once the transaction has been completed (Step 130), DataMonitor 21 formats a data packet which includes the collectedinformation (Activity Record) and sends one or more data packets to thecentral repository located in Data Center 17. In step 140, Data Gateway30 located in Data Center 17 receives the data packet(s) and then writesthe data packet(s) in step 150 (e.g., optionally in a signed and/orencrypted fashion as discussed in reference to FIG. 3A) to Activity Log40, a central repository for all data collected from MobileCommunications Device 20, and optionally to Calendar 70, a centralrepository backup for all calendar records residing on MobileCommunications Device 20.

FIG. 3L illustrates a data flowchart for the capturing of a change tothe task list using Calendar/Task Application 28 on MobileCommunications Device 20 in accordance with an embodiment of the presentinvention. Initially, in step 133, an add, modify, or delete tasktransaction is initiated on Mobile Communications Device 20. In step134, Data Monitor 21 recognizes that Calendar/Task Application 28 dataservice has been initiated and begins to capture information regardingthe use of the data service including, for example, the unique Device IDof Mobile Communications Device 20, the date/time stamp of the change,and/or any contextual information such as the date or task details thatwere changed. Once the transaction has been completed (Step 130), DataMonitor 21 formats a data packet which includes the collectedinformation (Activity Record) and sends one or more data packets to thecentral repository located in Data Center 17. In step 140, Data Gateway30 located in Data Center 17 receives the data packet(s) and then writesthe data packet(s) in step 150 (e.g., optionally in a signed and/orencrypted fashion as discussed in reference to FIG. 3A) to Activity Log40, a central repository for all data collected from MobileCommunications Device 20, and optionally to Tasks 80, a centralrepository backup for all task records residing on Mobile CommunicationsDevice 20.

FIG. 3M illustrates a data flowchart for the capturing of a change tothe list of installed applications on Mobile Communications Device 20using Installation Application 29 on Mobile Communications Device 20 inaccordance with an embodiment of the present invention. Initially, instep 135, an add, modify, or delete of an application is initiated onMobile Communications Device 20. In step 136, Data Monitor 21 recognizesthat Installation Application 29 data service has been initiated andbegins to capture information regarding the use of the data serviceincluding the unique Device ID of Mobile Communications Device 20, thedate/time stamp of the change, and/or any contextual information such asthe name of the application(s) that were changed. Once the transactionhas been completed (Step 130), Data Monitor 21 formats a data packetwhich includes the collected information (Activity Record) and sends oneor more data packets to the central repository located in Data Center17. In step 140, Data Gateway 30 located in Data Center 17 receives thedata packet(s) and then writes the data packet(s) in step 150 (e.g.,optionally in a signed and/or encrypted fashion as discussed inreference to FIG. 3A) to Activity Log 40, a central repository for alldata collected from Mobile Communications Device 20.

FIG. 3N illustrates a data flowchart for the capturing of an inboundphoto, video, or other multimedia file using Photo/Video/MultimediaApplication 31 on Mobile Communications Device 20 in accordance with anembodiment of the present invention. Initially, in step 139, amultimedia file is received on Mobile Communications Device 20. In step141, Data Monitor 21 recognizes that the Photo/Video/MultimediaApplication 31 data service has been initiated and begins to captureinformation regarding the use of the data service including, forexample, the unique Device ID of Mobile Communications Device 20, thedate/time stamp of the file transfer, an origination ID such as theoriginating phone number, username or link, and/or any contextualinformation contained in the file. Once the message has been received(Step 130), Data Monitor 21 formats a data packet which includes thecollected information (Activity Record) and sends one or more datapackets to the central repository located in Data Center 17. In step140, Data Gateway 30 located in Data Center 17 receives the datapacket(s) and then writes the data packet(s) in step 150 (e.g.,optionally in a signed and/or encrypted fashion as discussed inreference to FIG. 3A) to Activity Log 40, a central repository for alldata collected from Mobile Communications Device 20.

FIG. 3O illustrates a data flowchart for the capturing of an outboundphoto, video, or other multimedia file using Photo/Video/MultimediaApplication 31 on Mobile Communications Device 20 in accordance with anembodiment of the present invention. Initially, in step 142, amultimedia file is sent from Mobile Communications Device 20. In step143, Data Monitor 21 recognizes that Photo/Video/Multimedia Application31 data service has been initiated and begins to capture informationregarding the use of the data service including, for example, the uniqueDevice ID of Mobile Communications Device 20, the date/time stamp of thefile transfer, a destination ID such as the destination phone number,username or link, and/or any contextual information contained in thefile. Once the message has been sent (Step 130), Data Monitor 21 formatsa data packet which includes the collected information (Activity Record)and sends one or more data packets to the central repository located inData Center 17. In step 140, Data Gateway 30 located in Data Center 17receives the data packet(s) and then writes the data packet(s) in step150 (e.g., optionally in a signed and/or encrypted fashion as discussedin reference to FIG. 3A) to Activity Log 40, a central repository forall data collected from Mobile Communications Device 20.

FIG. 3P illustrates a data flowchart for detecting applicationinitiation and usage using Generic Application 33 on MobileCommunications Device 20 in accordance with an embodiment of the presentinvention. Initially, in step 144, a general purpose application, suchas Generic Application 33, is started on Mobile Communications Device20, for example, by opening and initiating the application. The generalpurpose application may further be used to execute processes, provideinput/output, and generally perform other application tasks, which mayinclude application usage metrics or measurement (e.g., computing powerrequired, data services use, time/length of use, type of use,in-application communications, or other application use). In step 145,Data Monitor 21 located either on the Mobile Communications Device 20 orwithin the Cellular Service Provider Network 16 (e.g. Network DataMonitor 200 as discussed in reference to FIG. 11) recognizes thatGeneric Application 33 data service has been initiated and begins tocapture information regarding the use of the data service including, forexample, the unique Device ID of the Mobile Communications Device 20,the date/time stamp of the application usage, the application usagemetrics (e.g., time/length of use, type of use, communications withalternate parties, computational and/or network resources consumed,etc.), an application identity (ID), and/or any contextual dataassociated with the application usage. Once the use of data services ofMobile Communication Device 20 is captured, (step 130), Data Monitor 21formats a data packet which includes the collected information (e.g., inan Activity Record) and sends one or more data packets to the centralrepository located in Data Center 17. In step 140, Data Gateway 30located in Data Center 17 receives the data packet(s) and then writesthe data packet(s) in step 150 (e.g., optionally in a signed and/orencrypted fashion as discussed in reference to FIG. 3A) to Activity Log40, a central repository for all data collected from MobileCommunications Device 20.

FIG. 3Q illustrates a data flowchart for the capturing of an outboundfinancial transaction using Generic Application 33 on MobileCommunications Device 20 in accordance with an embodiment of the presentinvention. Initially, in step 146, a financial transaction is sent fromMobile Communications Device 20. In step 147, Data Monitor 21 locatedeither on the Mobile Communications Device 20 or within the CellularService Provider Network 16 (e.g. Network Data Monitor 200 as discussedin reference to FIG. 11) recognizes that Generic Application 33 dataservice has been initiated and begins to capture information regardingthe use of the data service including, for example, the unique Device IDof the Mobile Communications Device 20, the date/time stamp of theapplication usage, the application usage metrics, the application ID,and/or any contextual data associated with the application's dataservice use. Once the application usage has been completed (step 130),Data Monitor 21 formats a data packet which includes the collectedinformation (e.g., in an Activity Record) and sends one or more datapackets to the central repository located in Data Center 17. In step140, Data Gateway 30 located in Data Center 17 receives the datapacket(s) and then writes the data packet(s) in step 150 (e.g.,optionally in a signed and/or encrypted fashion as discussed inreference to FIG. 3A) to Activity Log 40, a central repository for alldata collected from Mobile Communications Device 20.

One aspect of the monitoring capabilities in accordance with one or moreembodiments of the present invention is the ability for the applicationto successfully log the activity that is occurring on MobileCommunications Device 20 into a centrally located Activity Log 40. Anexemplary structure for Activity Log 40 database is shown in tabularform in FIGS. 4A and 4B in accordance with an embodiment of the presentinvention.

The first column identifies a unique key (referred to in FIG. 4A asRecord ID) that is automatically assigned to each row of the database.This is followed by a unique Account ID which identifies the accountassociated with the log record, the data service that was invoked(referred to in FIG. 4A a Message Type), and whether the communicationwas inbound (in) or outbound (out) from the Mobile Communications Device20. In certain embodiments, the message type and the in/out field maycorrespond to different data, such as an application type, or may beomitted where the application and data service use is on-device. TheStart Time is a date/time stamp identifying the start of a data serviceuse, completion of a data service or financial transaction, or startingusage of a particular application. The End Time is a date/time stampidentifying the completion of a call, data service, and/or applicationusage.

The Caller ID field shows the originating phone number, email address,merchant ID or username for inbound communications or data service usesand the destination phone number, email address, merchant ID or usernamefor outbound communications or data service uses, as necessary. The Logfield collects contextual information regarding the transaction whichcan include the contents of an email message, instant message, textmessage, debit or credit card transaction details (e.g., an amount or acard name or other card identifier), or any other form of information inaccordance with some embodiments, including audio, photo, video, textualdata, and/or multimedia information. This may also include specificapplication usage metrics and/or application ID or type.

The remaining fields found in FIG. 4B are supplemental data elementsassociated with a data transaction with a mobile device such as MobileCommunications Device 20 in accordance with one or more embodiments ofthe present invention. These data elements are optional and may beimplemented and may be used, for example, for legal proceedings andother supplemental applications. The Long field shows the Longitude ofthe phone at the time of the transaction. The Lat field shows theLatitude of the phone at the time of the transaction (e.g., informationprovided by GPS, cell-based location applications, or network-basedlocation applications as discussed previously herein). The CRC (cyclicredundancy code) field is the digital signature information of thedatabase record to ensure its authenticity (e.g., as discussed inreference to FIG. 3A), which may be used to provide the CRC checksum orother types of error-detecting code information desired. The Auth fieldis the method of authentication used such as Biometric, password, noauthentication (N/A), none, etc. The Auth ID field (e.g., authorizationidentification) is the identity of the person that authorized thetransaction. The Carrier Log Auth field (e.g., authorization field) isthe record number of the carrier's accounting system which relates tothe transaction (e.g., cell phone carrier, financial transaction entity,or other data communication provider information as discussed inreference to, for example FIG. 1, depending on the type of datacommunication and/or financial transaction).

The rules that govern the access to data services on MobileCommunications Device 20 are maintained, for example, in Permissions 50database. In accordance with an embodiment of the invention, thisdatabase would be accessible by the owner of the account using an HTMLweb interface. Exemplary structures for Permissions 50 database areshown in tabular form in FIGS. 5A-D in accordance with an embodiment ofthe present invention. Permission 50 database may include structuresshown in each of FIGS. 5A-D and is not limited to a single embodiment ofPermission 50 database in FIGS. 5A-D.

FIG. 5A demonstrates particular permission rules, which individually orin groups may be used to generate a permission scenario that ismonitored using a mobile device for enforcement of a smart contract(e.g., completion of contract terms, violation of contract terms, orotherwise perform the required duties under the smart contract). Thefirst column, Permission ID, identifies a unique key that isautomatically assigned to each row of the database. This is followed byan Account ID which identifies the account associated with thepermission record. The next field lists the Data Service for which therules are to be applied, followed by the specific rules as to allow ordeny access to that data service on the Mobile Communications Device 20.

As an example, a value of true in the Allow column would allow the useof that data service on the Mobile Communications Device 20, while avalue of false in the Allow column would deny the use of that dataservice for the Mobile Communications Device 20. As another example, inaccordance with an alternate embodiment of the present invention, wouldbe to allow or deny use of the data service based on the applicationusage and constraints on application usage. The Constraint column mayblock a specific user or use of a data service. In FIG. 5A, row 103shows Constraint as blocking a specific user. Row 108 shows a dataservice use as a game application usage, where Constraint column shows alimit of 10 hours per week. Thus, the permission for row 108 may limitapplication usage of the game application to 10 hours per week, andtrack the data service use of the game application.

Additionally, Permission IDs for particular permission rules and/orpermission scenarios may be established for other types of smartcontract monitoring. For example, a smart contract may be establishedfor the shipment of goods, where the contract between parties isestablished as code that monitors the completion of shipment for thegoods through data captured by a device. Thus, a device may capture datathrough device activity, which could include using a photograph with adate/time stamp and geo location at the receipt point as proof ofdelivery. Thus, the permission ID does not monitor the specific use ofthe mobile device as a term of the contract but instead uses the mobiledevice's monitoring capability to confirm a term of the smart contractfor the shipment of goods. Other types of mobile device's monitoringcapabilities may also be used to verify a smart contract that does notallow/restrict specific device data service uses based on deviceactivity. For example, the mobile device's microphone, camera, touchscreen, keyboard, or other input mechanism may be used to capture datafor a smart contract and enforce the terms of the smart contract. Themobile device may also be used to capture time stamps, geo-locations,and other metadata associated with captured data.

The Alert Type and Alert Number fields identify the correspondingpreferred method of alert notification and related contact information(e.g., email address, phone number, etc. to use to provide the alert).Alert type may further include an executable process or other actionthat may be taken based on whether the data service use is allowed orrestricted. For row 105 and 108, the data service use is logged, and maybe used to determine a penalty or reward based on completing or failingthe corresponding constraint for the data service use. Multiple entriesin the Alert Number field would be used to alert multiple users of anunauthorized event as exemplified in Record ID rows 103 of FIG. 5A inaccordance with an embodiment of the present invention.

As shown in FIG. 5A, Permissions 50 database may include rulesassociated with financial transactions as exemplified in Permission IDrow 107 of FIG. 5A associated with a “Wallet” data service (e.g., awallet application such as a digital or mobile wallet application thatexecutes some or all of a financial transaction associated with, forexample, a mobile communications device). As shown in FIG. 5A,Permissions 50 database may also include rules associated withapplication usage as exemplified in Permission ID row 108 of FIG. 5Aassociated with a Game data service (e.g., the Generic Application 33that may be used to perform computing actions, such as a video game, onMobile Communication Device 20). Thus, row 108 identifies a permissionrule for a video game application that monitors in-game time by MobileCommunication Device 20.

FIG. 5B illustrates an exemplary structure for Permissions 50 databaseshown in tabular form, where the structure in Permissions 50 databasemay define the name for a permission scenario (one or more rules fromFIG. 5A that must be true for the scenario to pass). Thus, the exemplarydata structure for a permission scenario may include one or morepermission IDs for permission rules defined for particular smartcontract, such as permission rules for an agreed contract between two ormore parties.

The first column of FIG. 5B includes Scenario IDs for each individualpermission scenario, which identifies a unique key that is automaticallyassigned to each row of the database. This is followed by an Account IDwhich identifies the account associated with the permission scenario ID.Finally, the last column contains a descriptive name for the permissionscenario. A scenario in FIG. 5B may define restricted, allowed, and/ormonitored device usage of a mobile communication device for a smartcontract that provides a penalty or reward based on completing orviolating terms of the smart contract (e.g., performingallowed/restricted device activities based on permission rule(s) for apermission scenario of the smart contract). A scenario may alsocorrespond to contractual actions or terms between two or more partiesthat are required to be performed for a smart contract, where the terms(e.g., one or more rules) may be monitored using a mobile communicationdevice having monitoring capabilities (e.g., for recording data todetermine whether the contractual terms are completed or violated).Thus, a scenario may in Permission 50 database in FIG. 5B may includecode for the permission ID(s) that constitute the particular terms orrequirements under a smart contract.

FIG. 5C illustrates an exemplary structure for Permissions 50 databaseshown in tabular form, where the structure in Permissions 50 databasemay correspond to smart contracts generated using a permission scenarionamed in FIG. 5B. The permission scenarios govern the set of permissionsthat may be required to be monitored to determine whether the smartcontract is fulfilled.

Permission 50 database in FIG. 5C may be used to define the rules inFIG. 5A that are to be associated with a permission scenario named inFIG. 5B to generate the terms of a smart contract, which may be enforcedon Mobile Communication Device 20 through the use of a blockchain recordand Data Monitor 21 for Mobile Communication Device 20.

The first column of FIG. 5C includes Record IDs which identifies aunique key that is automatically assigned to each row of the database.Record IDs may therefore be utilized to identify and perform lookup of asmart contract based on monitored activity, either on-device or by adevice's monitoring capability of other data captured by the device.This is followed by a Scenario ID which identifies the scenario or smartcontract from FIG. 5B. The next field lists the Account ID whichidentifies the account associated with the scenario or smart contract.The fourth column is the Permission ID for a particular rule to beincluded in this scenario or smart contract from FIG. 5A.

For example, Record ID 1000 has a scenario ID 300 that is used byaccount ID 200 which has an applied permission ID 102 to block the SMSdata service. The Record ID of 1007 is associated with a request tomonitor Facebook® usage for account ID 202. Other types of permissionsmay include different data monitoring requests and/or limits on dataservice uses. For example, game time, texting, and/or phone calls may bemonitored. In other embodiments, data service and application usage maybe enabled or disabled for particular device applications and/or devicedata service uses or enabled or disabled during certain times of theday.

The smart contracts in FIG. 5C may be generated using the permissionscenarios with particular processing actions to be executed in responseto the device activity that is monitored and the permission scenariosfor allowed/restricted usage. Thus, a record ID for a particular smartcontract may further include a triggering condition that implements apenalty or reward for the corresponding user ID and/or resource ID. Apenalty may limit application or device data service use, or may deductvalue from a digital wallet (including virtual values, cryptocurrency,and/or fiat). For example, Mobile Communication Device 20 may berequired to provide compensation if a smart contract is violated, or mayhave restricted access and/or use of an application or data service.Conversely, a benefit may provide increased or relaxeddevice/application data service use, or may provide a value to MobileCommunication Device 20's digital wallet.

Smart contracts shown in Permission 50 database for FIG. 5D may berecorded in a trusted manner using a blockchain. The administrator maygenerate a smart contract using Permission 50 database by designatingpermission rules and generating a permission scenario shown in theScenario ID column. The monitoring may therefore determine compliance orviolation of the scenario ID.

Once the smart contract corresponding to Record ID 100 in FIG. 5D iscreated for example, the administrator device or server may write thesmart contract to a selected blockchain, which may be publicly orprivately administered. In other embodiments, other types of contractvalidation and verification may be performed. The blockchain record ofthe smart contract(s) may provide a distributed manner to verify thesmart contracts and prevent changes to the smart contract. This allowsthe administrator device, Mobile Communication Device 20, or otherentity to confirm the smart contract and determine whether data serviceuses are allowed or restricted under the permission scenario for thesmart contract.

The permission scenario for each smart contract for Mobile CommunicationDevice 20 may be pushed to Mobile Communication Device 20. Thepermission scenarios may also be stored in a remote server formonitoring of data usage and determination of fulfillment of the smartcontract on the blockchain. Thus, Data Monitor 21 on MobileCommunication Device 20 may monitor data service use and otherapplication usage and process the data service use with the smartcontracts to determine fulfillment or violation of the smart contracts.In further embodiments, other data monitors, such as another device'sdata monitor, Cellular Network Data Monitor 200 and/or Alert Monitor 70may perform the monitoring and processing of data service uses with thesmart contracts to determine whether data service uses are allowed orrestricted.

A permission scenario may be utilized with penalties and rewards asshown in FIG. 5D to enforce a smart contract. FIG. 5D illustrates anexemplary structure for Permissions 50 database shown in tabular form,where the structure in Permissions 50 database may correspond topenalties and rewards for the smart contract shown in FIG. 5C aftermonitoring device and application data service uses. Permission 50database in FIG. 5D may be used with permission scenarios in FIG. 5B andthe smart contracts in FIG. 5C to enforce smart contracts. For example,the rewards and penalties in FIG. 5D may be provided to a user and/ordevice based on comparing monitored data to a smart contract that isrecorded by a blockchain record or other contract verification process.Thus, FIG. 5D shows the implementation of a reward or penalty based onmonitored data and the successful completion or failure of contractualrequirements for a smart contract.

The first column of FIG. 5D includes Record IDs for each individualsmart contract, which identifies a unique key that is automaticallyassigned to each row of the database. The next field lists a Scenario IDrepresenting an individual smart contract defined in FIG. 5B that usesthe rules from FIG. 5A in an association that is defined in FIG. 5C.This is followed by a result of the smart contract, which corresponds towhether the data service uses of Mobile Communication Device 20 passedor failed the smart contract (e.g., whether those usages were allowed orrestricted based on the permission scenario of the smart contract). Thefourth column includes the interval that the smart contract ismonitored. Finally, the last three columns contain the resultingprocessing actions that are to be taken, the data service effected(eWallet, Facebook, SMS), the action to be taken (Pay, Deduct, Allow,Deny), and the value (monetary penalty or reward) or duration (length ofpenalty or reward to be applied to a data service).

For example, a record ID 100 a passing rule for the Scenario ID 300during a weekly monitoring interval. This indicates that in the eventthat the device's usage complied with Scenario ID 300 and did notperform data service uses that were restricted under scenario ID 300 (orperformed allowed/required data service use for scenario ID 300). Thus,a reward of 10 tokens is applied to an eWallet of the correspondingdevice. Other rewards may include additional or relaxeddevice/application usage, as shown in record ID 104 that allows games onthe corresponding device for a week. In other embodiments, data serviceuse may fail a smart contract. For example, record ID 101 shows that adaily monitoring of scenario ID 301 imposed a 10 token deduction fromthe device's digital wallet. Other types of restricteddevice/application usage may also be applied as a penalty, such asblocking games for 3 days in the contractual failure under record ID102, or blocking social networking for a week for record ID 103.

FIGS. 5E-F illustrate exemplary flowcharts of the establishment ofpermission scenarios for smart contracts and the definition of smartcontract penalties and rewards based on mobile communication devicemonitoring in accordance with one or more embodiments of the presentinvention. FIG. 5E shows the generation and establishment of a smartcontract between an Administrator User 3000 and a Monitored User 3002,such as a user using Mobile Communication Device 10. Administrator User3000 may correspond to a parent, guardian, or employer, or otheradministrator of Monitored User 3002, such as a child, employee, orother user of the monitored device.

The flowchart of FIG. 5E starts at step 400, where permission scenariosalong with rewards, penalties, and triggers are combined in a smartcontract. The permission scenarios may correspond to a string orgrouping of permission rules that serve to define a particular smartcontract and the corresponding allowed/restricted data service uses(e.g., the triggering condition of a reward or penalty). AdministratorUser 3000 may generate the smart contract using Permission 50 databasediscussed in reference to FIGS. 5A-D. The smart contract may then besigned by the parties at step 402, which may be performed by verifyingthe smart contract and validating acceptance of the terms of the smartcontract. This smart contract may be therefore be verified by bothAdministrator User 3000 and Monitored User 3002. Additionally, the smartcontract may be validated for monitoring of Cellphone 10 or other MobileCommunication Device 20 using Device Data Monitor 11 and Permissions 51database on Cellphone 10. The smart contract may also be stored withPermission 50 database for monitoring and enforcement by other devices.

FIG. 5E shows the generation and establishment of a smart contractbetween Administrator User 3000 and Monitored User 3002, such as userusing Cellphone 10 or another Mobile Communication Device 20.Administrator User 3000 may correspond to a parent, guardian, oremployer, or other administrator of Monitored User 3002, such as achild, employee, or other user of the monitored device. Once a smartcontract is generated and signed, confirmation of the smart contract maybe required to allow the independent parties (e.g., Administrator User3000 and a Monitored User 3002) to confirm the contracts details,prevent changing of the digital smart contract, and enforce the smartcontract through data service use monitoring.

The smart contract generated and stored by Permission 50 database mayalso be recorded in a blockchain or other proprietary database thatprovides digital contract verification, at step 404 of FIG. 5F. This mayinclude writing the smart contract to a record block in a PublicBlockchain 54, a Private Blockchain 55, or a proprietary Smart ContractDatabase 56. Public Blockchain 54, Private Blockchain 55, or proprietarySmart Contract Database 56 may provide durable recording of the smartcontract that prevents tampering. Writing to Public Blockchain 54,Private Blockchain 55, or proprietary Smart Contract Database 56 may beperformed by the administrator device and/or another device after bothparties have consented to the contract and signed the contract. Theblockchain, distributed among computers within the blockchain'sdistributed network, may receive a broadcast of the smart contract, andmay record the smart contract to a record in the blockchain. Nodeswithin the blockchain's distributed network may also pass broadcastedsmart contracts to other nodes for storage in a record.

Thus, the records for Public Blockchain 54, a Private Blockchain 55, ora proprietary Smart Contract Database 56 may be distributed amongmultiple devices, including devices for Administrator User 3000 andMonitored User 3002, which may allow independent device monitoring andcollaboration to determine rewards or penalties for data service usesmonitored for the smart contract. Once a smart contract is recorded to arecord, the record may be verified, audited, and secured by the nodeswithin the blockchain's network. Blocks may also further be secured fromtampering by having subsequent blocks add a cryptographic hash of theprevious block. Blocks of one or more valid smart contracts may also beupdated or appended based on monitored data service use, smart contractfulfillment/violation, and the implementation of the reward/penalty whenthe contract is fulfilled/completed or when the contact isviolated/incomplete after the contract's expiration or monitoringinterval.

FIGS. 6A and 6B illustrate exemplary data flowcharts in accordance withan alternative embodiment of the invention where the contextual contentof the communication is checked against Permissions 50 database prior toallowing Mobile Communications Device 20 access to the data services 22through 29 and 31. Initially, in step 160, one or more data services 22through 29 and 31 may be initiated on Mobile Communications Device 20.In step 161, Data Monitor 21 recognizes that a data service has beeninitiated and begins to capture information regarding the use of thedata service including, for example, the unique Device ID of MobileCommunications Device 20, the date/time stamp, the originating ordestination phone number, email address, or username, and/or thecontextual content of the data packet.

Once the request for a data service has been received (Step 130), DataMonitor 21 formats a data packet which includes the collectedinformation (Activity Record) and sends one or more data packets to thecentral repository located in Data Center 17. In step 140, Data Gateway30 located in Data Center 17 receives the data packet(s) and then checksthe content of the data packet(s) in step 162 against Permissions 50database located in Data Center 17. If the data request was notauthorized (step 163), Data Gateway 30 notifies (step 164) MobileCommunications Device 20 by sending a message through Cellular ServiceProvider 16 to Data Monitor 21 on Mobile Communications Device 20. InStep 166, Data Monitor 21 cancels the data service request. If the datarequest was authorized (step 163), Data Gateway 30 notifies (step 165)Mobile Communications Device 20 by sending a message through CellularService Provider 16 to Data Monitor 21 on Mobile Communications Device20. In Step 167, Data Monitor 21 completes the authorized data servicerequest.

FIG. 6C shows an alternate embodiment whereby the Permissions 51database resides locally on Mobile Communication Device 20. Once therequest for a data service has been received (Step 130), Device DataMonitor 21 checks the content of the data packet(s) in step 182 againstPermissions 51 database located on Mobile Communication Device 20. Ifthe data request was not authorized (step 185), Device Data Monitor 21on Mobile Communications Device 20 alerts other devices (step 186) andcancels the data service request in step 188. If the data request wasauthorized (step 185), Device Data Monitor 21 on Mobile CommunicationsDevice 20 completes the authorized data service request in Step 187.

FIGS. 7A and 7B illustrate exemplary data flowcharts for thenotification of unauthorized events on Mobile Communications Device 20in accordance with an embodiment of the present invention. In Step 170,Alert Monitor 70 is monitoring the records being entered into ActivityLog 40 database by Data Gateway 30. Each record is checked againstPermissions 50 database. If the Log Activity is authorized (step 171),no further action is required.

If the Log Activity is not authorized (step 171), then Data Gateway 30looks up the delivery notification method in Permissions 50 database(step 172) and sends an alert message via Cellular Service Provider 16or alternately through any available communications network includingfor example PIN-to-PIN, Wi-Fi, Bluetooth, Personal Area Networks, LocalArea Networks, and/or Public Networks (e.g., cellular networks,satellite networks, and/or the Internet) to one or more destinations. Asan example, step 173 identifies an email message being sent to one ofthe users of the account while step 174 identifies an SMS text messagebeing sent to an alternate user of the account. In accordance with oneor more embodiments of the present invention, many forms of datacommunications may be supported, including for example voice messages,SMS Text Messages, email or any other publicly acceptedmachine-to-machine communications protocol.

FIG. 8 illustrates an exemplary data flowchart for the reporting orexporting of information stored in the Activity Log 40 database inaccordance with one or more embodiments. For example, an administrator(e.g., user) of the application or system (e.g., of Data Center 17) mayview the contents of Activity Log 40 and request an Activity Report 90from the system (step 175). Alternatively or in addition, theadministrator may be requested or may identify a situation where thecontent of Activity Log 40 contains evidence of a criminal act and isreported (step 176) via an electronic transmission to a Law Enforcementagency 95.

For example, the administrator may discover a photograph of childpornography (or other illegal activity) captured in a MultimediaMessaging Service (MMS) message provided to the monitored mobile phone(e.g., Mobile Communications Device 20). This photograph along with themessage headers, identifying source IDs and other evidentiaryinformation may be filed, for example, electronically with the Centerfor Missing and Exploited Children or to the appropriate governmentagency. In general in accordance with one or more embodiments, ActivityReport 90 and/or information provided to Law Enforcement agency 95 maysatisfy chain of custody or other forms of custody of evidencerequirements with respect to authenticity of the record or otherinformation due to the signing (and possible encryption) of theinformation as discussed previously (e.g., in reference to FIGS. 3A-3Q).Thus as disclosed herein, a report containing authenticating data may begenerated (e.g., from activity logs) between Mobile CommunicationsDevice 20 and a third party, which may be utilized for example by theparty monitoring Mobile Communications Device 20 and/or by lawenforcement authorities or other entities (e.g., agencies ororganizations) lawfully provided with the report.

As disclosed herein, systems, methods, and program products aredisclosed, in accordance with one or more embodiments of the presentinvention, which are directed to monitoring the communications to andfrom a wireless data device. For example in accordance with anembodiment, each of the data services on a wireless device, such as acell phone, a Smartphone, a personal digital assistant (PDA), or atablet, may be monitored against the permissions (e.g., rules) stored ina central repository. Data services may include all forms ofcommunications between the device and a third party including, forexample, cellular voice calls, short message service (SMS) textmessages, email, instant messaging sessions, and/or the applicationsused by the data services including, for example, the address book,calendar, financial transactions, application usage, and tasksmaintained on the wireless device.

For example in accordance with one or more embodiments, a clientapplication such as an application installed on a mobile communicationsdevice, such as for example a cell phone, PDA, or tablet, transmitsdetailed device usage information such as application usage informationusing a wireless data connection from the device to a centralrepository. Alternatively or in combination with the client applicationinstalled on a mobile communications device, in accordance with one ormore embodiments, a network data monitor may be installed on acommunications network communicating with the mobile communicationsdevice to monitor and collect the detailed mobile communications deviceusage information to provide to the central repository. Thecommunications network may represent a network of a cellular serviceprovider or any other type of communications network (e.g., anystandards or protocols) including for example PIN-to-PIN, Wi-Fi,Bluetooth, Personal Area Networks, Near Field Communication, Local AreaNetworks, and/or Public Networks (e.g., cellular networks, satellitenetworks, and/or the Internet). A generic application (such as a gaming,social networking, browsing, messaging, etc.,) may process or otherwiseexecute processes associated with the application's usage using acombination of hardware (e.g., a smart chip), software, andcommunications networks and protocols. Systems and methods disclosedherein may be used to manage access to and use of a device'sapplications based on any suitable combination of hardware, software,and/or communications protocols that are used to execute applicationprocesses.

As an example, FIG. 9 is a block diagram of a system illustratingtechniques to monitor the activities on a wireless device via datamonitoring on the wireless device and/or on a communication network(e.g., carrier network) in accordance with an embodiment of the presentinvention. As can be seen, FIG. 9 is similar to FIG. 1, but furtherincludes a Network Data Monitor 200 (e.g., a cellular-based network datamonitoring program tool). Network Data Monitor 200 may be viewed asfunctioning and implemented in a similar fashion as described for DataMonitoring program tools 11, 13, or 15, but is located within thecommunications network (e.g., of Cellular Service Provider 16) ratherthan located within corresponding wireless device (e.g., mobilecommunications device) 10, 12, or 14. For example, Network Data Monitor200 may represent software run by a logic device (e.g., a processor) ofCellular Service Provider 16 or a hardware-based logic device ofCellular Service Provider 16. Network Data Monitor 200 monitors the dataservices on wireless devices 10, 12, and 14 via communications betweenwireless devices 10, 12, and 14 and Cellular Service Provider 16 andprovides the information collected on data services use to Data Gateway30. Therefore, Network Data Monitor 200 may monitor and collect thevarious information on data services use for the various wirelessdevices (e.g., wireless devices 10, 12, and 14) communicating withCellular Service Provider 16 and provide this information to Data Center17 (e.g., via Data Gateway 30 or through any available communicationsnetwork) such that this information can then be logged, processed, andanalyzed in a similar fashion as described herein in reference to FIGS.1-8.

In accordance with an embodiment, Network Data Monitor 200 may performthe data services use monitoring solely for a wireless device (e.g.,wireless device 10) whether or not that wireless device has a DeviceData Monitor programming tool (e.g., Device Data Monitor 11).Alternatively in accordance with an embodiment, Network Data Monitor 200may perform the data services use monitoring solely for a wirelessdevice (e.g., wireless device 10) only if that wireless device does nothave a Device Data Monitor programming tool (e.g., Device Data Monitor11). Alternatively, in accordance with an embodiment, Network DataMonitor 200 may perform the data services use monitoring for a wirelessdevice (e.g., wireless device 10) in combination with the Device DataMonitor programming tool (e.g., Device Data Monitor 11) of the wirelessdevice.

FIG. 10 is a block diagram as an example of a specific systemillustrating monitoring tools associated with a mobile communicationsdevice and/or the carrier network in accordance with an embodiment ofthe present invention. Specifically, FIG. 10 illustrates an exampleimplementation of Network Data Monitor 200 within the network ofCellular Service Provider 16 to monitor data services use for one ormore wireless devices (e.g., such as wireless device 10, whichoptionally may include Device Data Monitor 11).

Cellular Service Provider 16 includes a Mobile Switching Center 202, aBilling System 204, and Network Data Monitor 200. All telephone and SMSis routed through Mobile Switching Center 202 that generates a CallDetail Record (CDR) 226 associated with supporting the communication(e.g., switching or routing the telephone call or data packet (e.g., SMSmessage)) of wireless device 10. The Call Detail Record 226 (e.g., CDRpacket) may then be provided to Billing System 204 of Cellular ServiceProvider 16 for billing purposes, as would be understood by one skilledin the art. The Call Detail Record 226 may also be provided to NetworkData Monitor 200 (e.g., by providing a copy of the Call Detail Record226 (e.g., CDR packet) via a switch splitter or port spanning (e.g., atthe hardware layer)).

Network Data Monitor 200 may then use the Call Detail Record 226 tomonitor the data services use of wireless devices (e.g., wireless device10) using Cellular Service Provider 16 and to provide the information onthe data services use to Data Center 17 to perform the various functionsas discussed herein (e.g., in reference to FIGS. 1-8). Consequently, forone or more embodiments, the data services use monitoring techniquesdisclosed herein may be performed solely by Network Data Monitor 200,solely by Device Data Monitoring program tool 11 (if present), and/or bythe combination of Network Data Monitor 200 and Device Data Monitoringprogram tool associated with the particular wireless device (e.g.,wireless device 10 with Device Data Monitoring program tool 11)utilizing Cellular Service Provider 16.

FIGS. 11 and 12 are block diagrams as examples of specific systemsillustrating monitoring tools associated with a mobile communicationsdevice and/or the carrier network in accordance with one or moreembodiments of the present invention. As a specific example for anembodiment, FIG. 11 illustrates Network Data Monitor 200 used to extractvarious data services use information from Call Detail Record 226.

As shown in FIG. 11, Network Data Monitor 200 may monitor and compileinformation on various data service uses, such as for example withrespect to photos, videos, and multimedia (e.g., Photo/Video/MultimediaCall Detail Record 212), telephone calls (e.g., Phone Cal Detail Record214), email (Email Call Detail Record 216), SMS communications (e.g.,SMS Call Detail Record 218), IM communications (e.g., IM Call DetailRecord 220), Internet use (e.g., Internet Call Detail Record 222),Application installations (e.g., modifications, deletions, additions, orInstallation Call Detail Record 224), financial transactions (e.g.,Financial Transaction Detail Record 232), and/or other types ofapplication usage that may be monitored for metrics (e.g., time/length,amount, type, or other metrics of data service use). In general, NetworkData Monitor 200 may monitor various data service uses to obtain thedesired information for each wireless device in a similar fashion asdescribed in reference to FIG. 2 for Data Monitor 21 (for the variousexamples of data service uses, such as Phone Application 22 throughPhoto/Video/Multimedia 31 and/or Generic Application 33).

Depending upon the desired application and specific implementation,prior to providing the data service use information to Data Center 17(e.g., via Data Gateway 30), Network Data Monitor 200 may be able toextract all of the data service use information desired directly fromCall Detail Record 226 or may utilize various databases as required toobtain the desired data service use information (e.g., such as when thesource information is being received or transferred from within thecarrier network rather than directly from the wireless device, as wouldbe understood by one skilled in the art).

For example, for Photo/Video/Multimedia Call Detail Record 212, NetworkData Monitor 200 may utilize an MMS Database 228 (e.g., of CellularService Provider 16) to obtain the desired data service use informationassociated with an MMS payload. As another example, for SMS Call DetailRecord 218, Network Data Monitor 200 may utilize an SMS Database 230 (ofCellular Service Provider 16) to obtain the desired data service useinformation associated with an SMS payload. As another example, foraddress book, calendar, or task applications, the data services use maybe monitored by Network Data Monitor 200 via Call Detail Record 226 ifthe associated wireless device synchronizes with the correspondingaddress book, calendar, or task database (e.g., as described inreference to FIGS. 3J-3L).

As another specific example for an embodiment, FIG. 12 illustratesNetwork Data Monitor 200 and Device Data Monitor 21 used in combinationto extract various data services use information (e.g., associated withwireless device 20). As shown for example, Network Data Monitor 200functions in a similar fashion as described in reference to FIG. 11 toobtain from Call Detail Record 226 (and various databases as needed,such as for MMS or SMS information) various data services useinformation to provide to Data Gateway 30. Additionally as an example,Device Data Monitor 21 within wireless device 20 functions in a similarfashion as described in reference to FIG. 2 to monitor wireless device20 and provide various data services use information (e.g., Address BookApplication 27 and Calendar/Task Application 28) to Data Gateway 30. Thedata services use information provided by Network Data Monitor 200 andDevice Data Monitor 21 to Data Center 17 (e.g., via Data Gateway 30) maybe utilized as described further herein (e.g., in reference to FIGS.1-8).

In accordance with one or more embodiments of the present invention, themonitoring of the data services usage of a wireless device (e.g., amobile communications device) may further provide certain benefits to auser (or owner) of the mobile device. For example, as discussed herein,the monitoring of various data services use may include monitoringaccess to information and/or applications associated with various dataservices. Therefore, a breach of a user's privacy may be prevented bymonitoring attempts to access information associated with various dataservices if an attempt violates a rule (e.g., as set forth inPermissions 50 database and for example as described in reference toFIGS. 4-7B). As a specific example, if an application within thewireless device (e.g., wireless device 20) attempts to gain access toprivileged user information and/or services without the user providingpermission, the attempt to gain access may be blocked. For example, aparticular application may attempt to access the user's telephone book,address book, email records, mobile wallet, or Internet use historywithout authorization, which may be blocked or the user notified byimplementing the techniques disclosed herein. Specifically, themonitoring of this particular data service use (e.g., by Device Datamonitor 21 and/or Network Data Monitor 200) may allow the unauthorizedaccess attempt to privileged user information to be blocked using thetechniques disclosed herein (e.g., as discussed in reference to FIGS. 5and 6B) and/or to alert the user of the unauthorized activity (e.g., asdiscussed in reference to FIGS. 7A-7B).

As another specific example, if a user visits an application store froma wireless device (e.g., wireless device 20) and attempts to make amobile application purchase using the mobile wallet (e.g., GenericApplication 33), the attempt to complete the transaction or download theapplication may be blocked for violating one or more rules (e.g., as setforth in Permissions 50 database). For example, the administrator of thewireless device may have restricted the transfer of funds to or from aknown IDENTITY (e.g., your child's friend Tom or a store such asTarget®), block the purchase and/or download from a known IDENTITY(e.g., application store iTunes®), and/or block specific products from aknown IDENTITY (e.g., iTunes Videos®). Specifically, the monitoring ofthis particular data service use (e.g., by Device Data monitor 21 and/orNetwork Data Monitor 200) may allow the unauthorized attempt to accessfunds in a mobile wallet to be blocked using the techniques disclosedherein (e.g., as discussed in reference to FIGS. 5 and 6B) and/or toalert the user of the unauthorized activity (e.g., as discussed inreference to FIGS. 7A-7B).

As discussed herein (e.g., in reference to FIG. 5), the particular ruleswithin Permission 50 database that govern access and other data servicesuse rights may be set by one or more entities (e.g., an administrator,such as the user, parent/guardian of the user, and/or owner/employer) asappropriate for the specific implementation associated with the wirelessdevice. For example, the administrator may set various rules via thewireless device (e.g., by providing an appropriate password) and/or viaa web user interface or by various conventional techniques, as would beunderstood by one skilled in the art. Furthermore, the rules may beapplied to one or more wireless devices under an administrator's control(e.g., a family policy of rules or corporate rules applied to a numberof wireless devices).

In general (e.g., in reference to FIG. 12), Device Data Monitor 21 maybe used to capture the data service activity on a Mobile CommunicationsDevice 20 and Network Data Monitor 200 (e.g., Cellular Network DataMonitor) may be used to capture the data service activity originated orsent to a Mobile Communications Device 20 via the Cellular ServiceProvider 16 in accordance with an embodiment of the present invention.As discussed herein, alternatively or in combination with Device DataMonitor 21, Network Data Monitor 200 monitors the inbound and outboundactivity for each of the data services captured at the Cellular ServiceProvider 16 and sends a detailed log of these activities to a centralrepository using Cellular Service Provider 16. Network Data Monitor 200(e.g., Network Data Monitor 200 program tool) may send the activityinformation through any available communications network, such as forexample the Internet, a company network, and/or a public cellularnetwork.

FIGS. 13A-B illustrates an exemplary flowchart for execution of a smartcontract based on mobile communication device usage in accordance withone or more embodiments of the present invention. FIG. 13A illustratesan exemplary triggering process to determine whether a digital smartcontract has been completed or if data service uses for the digitalcontract are violated or restricted. This allows a monitoring device toimplement a penalty or reward for the unsuccessful/successful completionof the smart contract in a blockchain ledger or database.

The flowchart begins at step 406 by a monitoring device determining dataservice use and whether a digital smart contract's triggering event hasbeen met, for example, by a contract scheduler device (e.g., DataMonitor 21, which may utilize additional component such as Alert Monitor70). The triggering event may correspond to expiration of a timeinterval or time period that a device is monitored for, and may furtherinclude the data service use or other device application usage thattriggers an event. For example, a triggering event may correspond toallowed or restricted application usage for a permission scenario. Aparticular triggering event may be an amount of hours of use of anapplication daily or weekly, or an amount of data service use by theapplication. Other triggering events may relate to specific applicationusage type, messaged individuals, transaction costs or items purchased,or other application usage.

At step 408, if the triggering event is not detected, the flowchart mayend and device monitoring may cease for a limited time smart contract,or may continue/restart monitoring for the time interval of a repeatingcontract. However, if the triggering event is detected, at step 410,rewards and/or penalties may be assessed and executed. Flowchart 13Billustrates a process by which those processing actions may bedetermined and implemented.

Step 410 continues in FIG. 13B, where the contract rewards or penaltiesare executed based on the triggering condition previously determined instep 408. The contract reward or penalty may be assessed based on thepermission scenario and the resulting processing action for data serviceuses that are allowed or restricted under the permission scenario. Atstep 412, a financial transaction is sent using a Financial Account 34and the monitored Cellphone 10. The financial transaction may move valuebetween Financial Account 34 and eWallet 35, which may be a deduction ordeposit of value to eWallet 35 depending on the penalty or reward.

At step 414, permissions are updated based on the executed rewards orpenalties. This may include appending Public Blockchain 54, PrivateBlockchain 55, or Smart Contract Database 56 based on the smartcontract's performance by Cellphone 10. For example, the reward providedto or penalty imposed on Cellphone 10 based on performance under thesmart contract, and the corresponding processing action, may be writtento a record within Public Blockchain 54, Private Blockchain 55, or SmartContract Database 56 by appending a previous smart contract record. Thismay be distributed over the corresponding blockchains and pushed to theindividual devices, such as Cellphone 10.

As would be understood by one skilled in the art, embodiments of thepresent invention provide certain advantages over conventionalapproaches. For example, a conventional approach may simply provideparental controls, which monitor and block Internet and email accessfrom a Smartphone (i.e., having similar capabilities to a desktopcomputer) and which primarily prevent access to unwanted content orblock the transmission of personally identifiable information. However,a traditional cell phone (i.e., non-Smartphone) may not provide accessto vital mobile communication device services such as phone and SMS logsor may contain other limitations inherent to the operating system ofthese older legacy-type of phones.

In contrast to these conventional approaches and limitations, inaccordance with one or more embodiments, Network Data Monitor 200 wouldaugment (or overcome) these limitations by capturing the data at theCellular Service Provider 16. For example, most legacy cell phones allowthe user to send and receive text messages, but the contextualinformation related to the text message transmission is stored in a CallDetail Record used by the Cellular Service Provider to route the messagethrough its internal network for billing and eventual delivery to theintended recipient. Both the legacy phone as well as the internalcarrier network can provide the SMS service, but do not inherentlyinclude parental or administrative controls.

As another example of a conventional approach, child and employeemonitoring of geographic location may be provided from a cell phone, butthis approach typically requires an active search by the administrator,parent or manager to locate the device. Perimeter boundaries or virtualfencing could be deployed using existing location technology, but incombination with other data services activity, a much more refinedforensic alert system can be deployed.

For example, an employee being in the file room may be within theparameters of the virtual fence. Furthermore, taking a picture from acell phone may be an acceptable activity in accordance with corporateacceptable use policies. However, taking a picture while located withinthe file room may be reason for concern, especially if followed bysending the picture to a non-corporate destination, which may requireimmediate attention by internal security personnel.

For example, the GPS information may be provided by Device Data Monitor21 to Data Center 17, where it is stored in activity log 40, and analert provided to the administrator if the Mobile Communications Device20 enters a restricted area or proceeds outside of a defined geographicregion. In general, Device Data Monitor 21 provides various informationto Data Center 17 to permit an administrator (e.g., parent or manager)to monitor the activities (e.g., location, communications with a thirdparty, and/or changes to applications or other data within MobileCommunications Device 20) of a user of Mobile Communications Device 20,with an optional alert provided to the administrator if an unauthorizedactivity occurs.

Embodiments described above illustrate but do not limit the invention.It should also be understood that numerous modifications and variationsare possible in accordance with the principles of the present invention.Accordingly, the scope of the invention is defined only by the followingclaims.

What is claimed is:
 1. A system comprising: a memory configured to storeprograms and database information; a processor, coupled to the memory,configured to access the database information and run the programs; anda communication gateway, coupled to the processor and the memory,configured to receive information, including contextual information, ondata service uses from a mobile, wireless, communication device, beingmonitored by the system, configured to: monitor the data service uses;compile the information associated with the data service uses; andprovide the information associated with the data service uses to bereceived by the communication gateway; wherein the data service uses areassociated with the mobile, wireless, communication device and comprise:inbound and outbound communications of the mobile, wireless,communication device; and an addition, modification, and/or deletionwithin the mobile, wireless, communication device to application data,wherein the information associated with the data service uses comprisemessage information for a message application data service use,including at least one of associated originating or destination emailaddress, username, or telephone number along with contextual data, andwherein the information further comprises Internet access informationand/or application installation information; wherein the databaseinformation comprises: an activity log database configured to store anentry for a data service use based on the information, including thecontextual information, received from the mobile, wireless,communication device; and a permissions database configured to storerules as to whether the data service use is allowed for the mobile,wireless, communication device; and wherein the programs comprise: analert monitor program configured to compare the entry for the dataservice use stored in the activity log database to an associated rulestored in the permissions database and to provide an alert if the dataservice use of the mobile, wireless, communication device is notallowed.
 2. The system of claim 1, wherein the memory, the processor,and the communication gateway form a data center for monitoring the dataservice uses; wherein the system further comprises the mobile, wireless,communication device, wherein the mobile, wireless, communication deviceincludes a data monitor program configured to perform the monitoring ofthe data service uses and the compiling of the information associatedwith the data service uses; wherein the data service uses furthercomprise an addition, modification, and/or deletion within the mobile,wireless, communication device of an application; and wherein theinformation associated with the data service uses comprises: telephonecall information for a phone application data service use, includingassociated originating or destination telephone number and contextualdata; and changes to application data information for at least one of anaddress book or a calendar along with contextual data.
 3. The system ofclaim 1, wherein the data services associated with the mobile, wireless,communication device comprise a phone application and a textapplication; wherein the alert monitor program is configured to analyzethe contextual information along with an associated telephone number,email address, or username to determine if the data service use for themobile, wireless, communication device is not allowed; and wherein theinformation includes identification of the mobile, wireless,communication device along with a date and time associated with the dataservice use.
 4. The system of claim 3, wherein the data servicesassociated with the mobile, wireless, communication device furthercomprise an email application, an address book application, a calendarapplication, a tasks application, an instant messaging application, anda multimedia application, and wherein the contextual informationincludes a combination of two or more of text, message content, files,pictures, and audio information associated with the data service uses.5. The system of claim 1, wherein the database information furthercomprises: an address book database configured to store address bookinformation of the mobile, wireless, communication device; a calendardatabase configured to store calendar information of the mobile,wireless, communication device; and wherein the alert monitor programdetermines whether the data service use is allowed based at least inpart on whether an identity that is in communication with the mobile,wireless, communication device and associated with the data service useis found in the address book database.
 6. The system of claim 1, whereinthe mobile, wireless, communication device comprises a cell phone, apersonal digital assistant, or a smartphone, and wherein the dataservices associated with the mobile, wireless communication devicecomprises a location determination application.
 7. The system of claim1, wherein the programs further comprise a data gateway program toolconfigured to route the information on the data service uses receivedfrom the mobile, wireless, communication device being monitored to thememory and to route the alert from the alert monitor program to adesignated external device.
 8. The system of claim 1, wherein the systemmonitors communications to and from the mobile, wireless, communicationdevice by monitoring the information on the data service uses to detectunauthorized activity, and wherein the system further provides web-basedaccess to the database information for an administrator to review theinformation on the data service uses of the mobile, wireless,communication device and modify the associated rule.
 9. The system ofclaim 1, wherein the information on the data service uses comprisesinbound and outbound telephone voice information, inbound and outboundtext information, and changes to the application data within the mobile,wireless communication device, and wherein the alert monitor program isconfigured to analyze the contextual information to determine if thedata service use for the mobile, wireless, communication device is notallowed, with the contextual information comprising a combination of twoor more of text, files, pictures, and audio information associated withthe data service uses.
 10. The system of claim 9, wherein theinformation on the data service uses further comprises a change to anaddress book, a change to a calendar, a change to a task, inbound andoutbound email information, and inbound and outbound instant messaginginformation, and further includes inbound and outbound multimediainformation, a web browser request, and/or an application installation.11. The system of claim 10, wherein the alert is provided to the mobile,wireless, communication device to prevent the data service use that isnot allowed based on the rules stored in the permissions database.
 12. Amobile communications device comprising: a memory configured to storeprograms and data; a processor, coupled to the memory, configured to runthe programs stored in the memory; and a communications port configuredto wirelessly communicate with a data center; wherein the programscomprise a data monitor program configured to: monitor data service usesof the mobile communications device, wherein the mobile communicationdevice comprises a cell phone, a personal digital assistant, or aSmartphone, and wherein the data services for the mobile, wirelesscommunication device comprise a location determination application;compile information, including contextual information, of the dataservice uses; and transmit the information to the data center via thecommunications port; and wherein the data service uses, for dataservices associated with the mobile communication device, comprise:inbound and outbound communications of the mobile communication device;additions, modifications, and/or deletions within the mobilecommunication device to applications; and additions, modifications,and/or deletions within the mobile communication device to applicationdata.
 13. The mobile communications device of claim 12, wherein the dataservices comprise a phone application and a text application, whereinthe information comprises: telephone call information for a phoneapplication data service use, including associated originating ordestination telephone number and contextual data; messages informationfor a text application data service use, including an associatedtelephone number along with contextual data; and wherein the contextualinformation comprises a combination of two or more of text, files,pictures, and audio information associated with the data service uses.14. The mobile communications device of claim 13, wherein the dataservices further comprise an email application, an instant messagingapplication, an address book application, a calendar application, atasks application, a web browser application, an installationapplication, and a multimedia application; and wherein the informationcomprises: email information for an email application data service use,including email address, date/time stamp, and contextual data; instantmessaging information for an instant messaging application data serviceuse, including username, date/time stamp, and contextual data; addressbook information for an address book application data service use,including date/time stamp and contextual data associated with theaddress book application data service use; calendar information for acalendar application data service use, including date/time stamp andcontextual data associated with the calendar application data serviceuse; task information for a task application data service use, includingdate/time stamp and contextual data associated with the task applicationdata service use; web browser information for a web browser applicationdata service use, including date/time stamp, uniform resource locator,and contextual data associated with the web browser application dataservice use; installation application information for an installationapplication data service use, including date/time stamp and contextualdata associated with the installation application data service use; andmultimedia application information for a multimedia application dataservice use, including date/time stamp and contextual data associatedwith the multimedia application data service use.
 15. The mobilecommunications device of claim 12, wherein the data monitor program isfurther configured to prevent an unauthorized data service use based oninformation received from the data center via the communications port.16. A method of monitoring a mobile communication device configured tomonitor data service uses, compile information, including correspondingcontextual information associated with the data service uses, andprovide the information associated with the data service uses to aremote data center, the method comprising: storing rules associated withthe data service uses for the mobile communication device at the remotedata center, wherein the data service uses, for data services associatedwith the mobile communication device, comprise: inbound and outboundcommunications of the mobile communication device; additions,modifications, and/or deletions within the mobile communication deviceto applications; and additions, modifications, and/or deletions withinthe mobile communication device to application data; receiving theinformation, including the corresponding contextual information, for adata service use from the mobile communication device, wherein thecorresponding contextual information includes a combination of two ormore of text, message information, files, pictures, or audio informationassociated with the data service uses; storing the information for thedata service use; checking the data service use based on the informationto a corresponding rule associated with the data service use; providingan alert that the data service use is unauthorized based on thecorresponding rule; providing for an administrator web-based access tothe rules and the data service uses stored; and permitting theadministrator to modify the rules.
 17. The method of claim 16, furthercomprising providing the alert to the mobile communication device toprevent the data service use that is unauthorized, and wherein thechecking is based at least in part on whether an identity that is incommunication with the mobile communication device and associated withthe data service use is an authorized entry within an address bookassociated with the mobile communication device.
 18. The method of claim16, further comprising providing the alert to an administrator to notifyof the data service use that is unauthorized, wherein the checkinganalyzes the information, including the contextual information, todetermine that the data service use for the mobile communication deviceis unauthorized.
 19. The method of claim 16, wherein the data serviceuses comprise a phone application use, a text application use, and anemail application use, wherein the checking is based at least in part onwhether an identity that is in communication with the mobilecommunication device and associated with the data service use is anauthorized entry within an address book associated with the mobilecommunication device, and wherein the information further comprises:telephone call information for a phone application data service use,including associated originating or destination telephone number andcontextual data; and messages information for a message application dataservice use, including at least one of associated originating ordestination email address, username, or telephone number along withcontextual data.
 20. The method of claim 19, wherein the data serviceuses comprise an instant messaging application data service use, anaddress book application data service use, a calendar application dataservice use, a tasks application data service use, an installationapplication data service use, a web browser application data serviceuse, and a multimedia application data service use, and wherein theinformation further comprises: changes to application data informationfor at least one of an address book or a calendar along with contextualdata; instant messaging information for the instant messagingapplication data service use, including username, date/time stamp, andcontextual data; task information for the tasks application data serviceuse, including date/time stamp and contextual data associated with atask addition, modification, and/or deletion; web browser informationfor the web browser application data service use, including date/timestamp, uniform resource locator, and contextual data; installationapplication information for the installation application data serviceuse, including date/time stamp and contextual data associated with theinstallation application data service use; and multimedia applicationinformation for the multimedia application data service use, includingdate/time stamp and contextual data associated with the multimediaapplication data service use.
 21. The method of claim 16, wherein themobile communication device comprises a cell phone, a personal digitalassistant, or a Smartphone, wherein the data service use for the mobile,wireless communication device comprises a location determinationapplication, and wherein the information includes identification of themobile communication device along with a date and time associated withthe data service use.
 22. A method of monitoring a mobile communicationdevice, the method comprising: monitoring data service uses of themobile communication device, wherein the data service uses, for dataservices associated with the mobile communication device, comprise:inbound and outbound communications of the mobile communication device;and additions, modifications, and/or deletions within the mobilecommunication device to application data; detecting an initiation of adata service use; capturing information, including contextualinformation, associated with the data service use based on thedetecting, wherein the information comprises message information for amessage application data service use, including at least one ofassociated originating or destination email address, username, ortelephone number along with contextual data, wherein the data servicescomprise a phone application and/or a text application, and wherein thecontextual information comprises any combination of text, files,pictures, and audio information associated with the data service use;compiling the information based on the capturing; and transmitting theinformation to a data center to store the information.
 23. The method ofclaim 22, wherein the information comprises telephone call informationfor a phone application data service use, including associatedoriginating or destination telephone number and contextual data.
 24. Themethod of claim 23, wherein the data service uses further comprise anaddition, modification, and/or deletion within the mobile, wireless,communication device of an email application, an instant messagingapplication, an address book application, a calendar application, atasks application, a web browser application, an installationapplication, and a multimedia application, and wherein the informationcomprises: email information for an email application data service use,including email address, date/time stamp, and contextual data; instantmessaging information for the instant messaging application data serviceuse, including username, date/time stamp, and contextual data; addressbook information for the address book application, including date/timestamp and contextual data associated with the addition, modification,and/or deletion to the address book application; calendar informationfor the calendar application, including date/time stamp and contextualdata associated with the addition, modification, and/or deletion to thecalendar application; task information for the tasks application,including date/time stamp and contextual data associated with theaddition, modification, and/or deletion to the tasks application; webbrowser information for the web browser application, including date/timestamp, uniform resource locator, and contextual data; installationapplication information for the installation application, includingdate/time stamp and contextual data associated with the addition,modification, and/or deletion to the installation application; andmultimedia application information for the multimedia application,including date/time stamp and contextual data associated with theaddition, modification, and/or deletion to the multimedia application.25. The method of claim 22, wherein the mobile communication devicecomprises a cell phone, a personal digital assistant, or a smartphone,and wherein the data service use for the mobile, wireless communicationdevice comprises a location determination application use.
 26. Themethod of claim 22, further comprising: receiving, from the data center,authorization information regarding the data service use; and preventingthe data service use if the authorization information indicates that thedata service use is unauthorized.
 27. A non-transitory computer-readablemedium on which is stored a computer program for performing a method ofmonitoring a mobile communication device configured to monitor dataservice uses, compile information, including corresponding contextualinformation associated with the data service uses, and provide theinformation associated with the data service uses to a remote datacenter, the method comprising: storing rules associated with the dataservice uses for the mobile communication device at the remote datacenter, wherein the data service uses, for data services associated withthe mobile communication device, comprise: inbound and outboundcommunications of the mobile communication device; additions,modifications, and/or deletions within the mobile communication deviceto applications; and additions, modifications, and/or deletions withinthe mobile communication device to application data; receiving theinformation, including the corresponding contextual information, for adata service use from the mobile communication device, wherein theinformation comprises message information for a message application dataservice use, including at least one of associated originating emailaddress, destination email address, username, or telephone number alongwith contextual data, and wherein the contextual information includes acombination of two or more of text, message content, files, pictures,and audio information associated with the data service uses; storing theinformation for the data service use; checking the data service usebased on the information to a corresponding rule associated with thedata service use, wherein the checking is further based at least in parton whether an identity that is in communication with the mobilecommunication device and associated with the data service use is anauthorized entry within an address book associated with the mobilecommunication device; and in response to checking the data service use,performing at least one of: providing an alert that the data service useis unauthorized to the communication device based on the correspondingrule; and/or preventing the data service use that is unauthorized on thecommunication device based on the corresponding rule.
 28. Thenon-transitory computer-readable medium of claim 27, wherein the methodfurther comprises providing the alert to an administrator to notify theadministrator of the data service use that is unauthorized, and whereinthe checking further analyzes the information, including the contextualinformation, to determine if the data service use for the mobilecommunication device is unauthorized.
 29. The non-transitorycomputer-readable medium of claim 27, wherein the data service usescomprise uses of a phone application, a text application, and an emailapplication, and wherein the information comprises telephone callinformation for a phone application data service use, includingassociated originating or destination telephone number and contextualdata.
 30. The non-transitory computer-readable medium of claim 29,wherein the data service uses comprise an email application data serviceuse, an instant messaging application data service use, an address bookapplication data service use, a calendar application data service use, atasks application data service use, an installation application dataservice use, a web browser application data service use, and amultimedia application data service use, and wherein the informationcomprises: changes to application data information for at least one ofan address book or a calendar along with contextual data; instantmessaging information for the instant messaging application data serviceuse, including username, date/time stamp, and contextual data; taskinformation for the task application data service use, includingdate/time stamp and contextual data associated with a task addition,modification, and/or deletion; web browser information for the webbrowser application data service use, including date/time stamp, uniformresource locator, and contextual data; installation applicationinformation for the installation application data service use, includingdate/time stamp and contextual data associated with the installationapplication data service use; and multimedia application information forthe multimedia application data service use, including date/time stampand contextual data associated with the multimedia application dataservice use.
 31. A non-transitory computer-readable medium on which isstored a computer program for performing a method of monitoring a mobilecommunication device, the method comprising: monitoring data serviceuses of the mobile communication device, wherein the data service uses,for data services associated with the mobile communication device,comprise: inbound and outbound communications of the mobilecommunication device; any additions, modifications, and/or deletionswithin the mobile communication device to applications; and anyadditions, modifications, and/or deletions within the mobilecommunication device to application data; detecting an initiation of adata service use; capturing information, including contextualinformation, associated with the data service use based on thedetecting, wherein the information associated with the data service usescomprise message information for a message application data service use,including at least one of associated originating or destination emailaddress, username, or telephone number along with contextual data,wherein the data service uses comprise a phone application use and/or atext application use, and wherein the contextual information comprisesany combination of text, files, pictures, and audio informationassociated with the data service uses; compiling the information basedon the capturing; and transmitting the information of the data serviceuse to a data center to store the information.
 32. The non-transitorycomputer-readable medium of claim 31, wherein the information comprisestelephone call information for a phone application data service use,including associated originating or destination telephone number andcontextual data.
 33. The non-transitory computer-readable medium ofclaim 32, wherein the data service uses further comprise an emailapplication data service use, an instant messaging application dataservice use, an address book application data service use, a calendarapplication data service use, a tasks application data service use, aweb browser application data service use, an installation applicationdata service use, and a multimedia application data service use, andwherein the information comprises: email information for the emailapplication data service use, including email address, date/time stamp,and contextual data; instant messaging information for the instantmessaging application data service use, including username, date/timestamp, and contextual data; address book information for the addressbook application data service use, including date/time stamp andcontextual data associated with the address book application dataservice use; calendar information for the calendar application dataservice use, including date/time stamp and contextual data associatedwith the calendar application data service use; task information for thetasks application data service use, including date/time stamp andcontextual data associated with the tasks application data service use;web browser information for the web browser application data serviceuse, including date/time stamp, uniform resource locator, and contextualdata; installation application information for the installationapplication data service use, including date/time stamp and contextualdata associated with the installation application data service use; andmultimedia application information for the multimedia application dataservice use, including date/time stamp and contextual data associatedwith the multimedia application data service use.
 34. The non-transitorycomputer-readable medium of claim 31, wherein the method: receiving,from the data center, authorization information regarding the dataservice use; and preventing the data service use if the authorizationinformation indicates that the data service use is unauthorized.